CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,417 vulnerabilities with CWE-79
CVE-2024-11202 MEDIUM
CM WordPress Search And Replace Plugin <1.4.2 - Unauthenticated XSS via cminds_free_guide Shortcode
CVSS 6.1
CVE-2024-10471 MEDIUM
Everest Forms < 3.0.4.2 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-53278 MEDIUM
WP Admin UI Customize <1.5.14 - XSS
CVSS 4.8
CVE-2024-11418 MEDIUM
WooCommerce Additional Order Filters <= 1.21 - Unauthenticated XSS via shipping_method_filter
CVSS 6.1
CVE-2024-11678 LOW
CodeAstro Hospital Management System 1.0 - XSS
CVSS 3.5
CVE-2024-11677 LOW
CodeAstro Hospital Management System 1.0 - XSS
CVSS 3.5
CVE-2024-11676 LOW
CodeAstro Hospital Management System 1.0 - XSS
CVSS 3.5
CVE-2024-11675 LOW
CodeAstro Hospital Management System 1.0 - XSS
CVSS 3.5
CVE-2024-53843 HIGH
keycloak-connector-server < 2.5.5 - Reflected Cross-Site Scripting via URL Parameter Injection
CVSS 8.1
CVE-2024-53556 MEDIUM
Taiga 6.8.1 - Open Redirect via Login Next Parameter
CVSS 6.1
CVE-2024-53262 MEDIUM
SvelteKit < 2.8.3 - Cross-Site Scripting in Error Page Template
CVSS 5.4
CVE-2024-53261 MEDIUM
SvelteKit < 2.8.3 - Cross-Site Scripting via Request URL
CVSS 5.4
CVE-2024-53599 MEDIUM
LafeLabs Chaos 0.0.1 - Cross-Site Scripting via /scroll.php Endpoint
CVSS 5.4
CVE-2024-53255 MEDIUM
BoidCMS < 2.1.2 - Reflected Cross-Site Scripting via Media File Parameter
CVSS 5.4
CVE-2024-51723 MEDIUM
BlackBerry AtHoc 7.15 - Stored Cross-Site Scripting in Management Console
CVSS 4.6
CVE-2024-32468 MEDIUM
deno_doc < 0.119.0 - Cross-Site Scripting in Generated search_index.js and Property Names
CVSS 5.4
CVE-2024-11660 LOW
Farmacia 1.0 - Cross-Site Scripting via usuario.php name Parameter
CVSS 3.5
CVE-2024-7056 LOW
WPForms < 1.9.1.6 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 3.5
CVE-2024-6393 MEDIUM
NextGEN Gallery < 3.59.5 - Authenticated Stored Cross-Site Scripting in Images Settings
CVSS 4.8
CVE-2024-10710 LOW
YaDisk Files WordPress plugin < 1.2.5 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 3.5
CVE-2024-10709 MEDIUM
YaDisk Files WordPress Plugin < 1.2.5 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.8
CVE-2024-53930 MEDIUM
WikiDocs < 1.0.65 - Authenticated Stored Cross-Site Scripting via KaTeX Parser
CVSS 5.4
CVE-2024-11231 MEDIUM
우커머스 네이버페이 Plugin <=3.3.7 - XSS
CVSS 6.4
CVE-2024-11229 MEDIUM
WordPress SocialTalk Plugin <=1.1.18 - XSS
CVSS 6.4
CVE-2024-11228 MEDIUM
WordPress SimplePay for WooCommerce <=5.1.4 - XSS
CVSS 6.4
Details
Vulnerabilities 45,417
Exploit Likelihood High