CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,417 vulnerabilities with CWE-79
CVE-2024-11227 MEDIUM
Memberlite Shortcodes <= 1.3.9 - Authenticated Stored Cross-Site Scripting via Accordion Shortcode Attributes
CVSS 6.4
CVE-2024-11199 MEDIUM
Rescue Shortcodes <= 2.9 - Authenticated Stored Cross-Site Scripting via rescue_progressbar Shortcode
CVSS 6.4
CVE-2024-10519 MEDIUM
Wishlist for WooCommerce 3.0.8-3.1.2 - Reflected Cross-Site Scripting via 'wtab' Parameter
CVSS 6.1
CVE-2024-9635 MEDIUM
WooCommerce <= 6.0.2 - Unauthenticated Reflected XSS via _wp_http_referer
CVSS 6.1
CVE-2024-11446 MEDIUM
Chessgame Shizzle <= 1.3.0 - Unauthenticated Reflected Cross-Site Scripting via cs_nonce Parameter
CVSS 6.1
CVE-2024-11330 MEDIUM
Custom CSS, JS & PHP <= 2.3.0 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg & remove_query_arg
CVSS 6.1
CVE-2024-11188 MEDIUM
Formidable Forms < 6.16.1.2 - Unauthenticated Reflected Cross-Site Scripting via Custom HTML Form Parameters
CVSS 6.1
CVE-2024-11426 MEDIUM
AutoListicle <= 1.2.3 - Authenticated Stored XSS via Shortcode Attributes
CVSS 6.4
CVE-2024-11408 MEDIUM
Slotti Ajanvaraus <= 1.3.0 - Authenticated Stored Cross-Site Scripting via 'slotti' Shortcode
CVSS 6.4
CVE-2024-11387 MEDIUM
Easy Liveblogs <= 2.3.5 - Authenticated Stored Cross-Site Scripting via elb_liveblog Shortcode
CVSS 6.4
CVE-2024-11361 MEDIUM
PDF Invoices & Packing Slips Generator <2.2.1 - XSS
CVSS 6.1
CVE-2024-11332 MEDIUM
WordPress Sign HIPAA documents <1.3.4 - XSS
CVSS 6.4
CVE-2024-10880 MEDIUM
JobBoardWP <= 1.3.0 - Unauthenticated Reflected XSS via add_query_arg and remove_query_arg
CVSS 6.1
CVE-2024-11463 MEDIUM
DeBounce Email Validator <5.6.5 - XSS
CVSS 6.1
CVE-2024-11362 MEDIUM
WooCommerce Stripe/PayPal/Square/Auth.net <1.112.0 - XSS
CVSS 6.1
CVE-2024-10886 MEDIUM
Tribute Testimonials - WordPress Testimonial Grid/Slider <1.0.4 - XSS
CVSS 6.4
CVE-2024-10874 MEDIUM
Quotes llama <= 3.0.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-10869 MEDIUM
WordPress Brute Force Protection - XSS
CVSS 6.1
CVE-2024-10116 MEDIUM
Twitter Follow Button plugin - WordPress <0.3 - XSS
CVSS 6.4
CVE-2024-47863 MEDIUM
Centreon Web <24.10.0, <24.04.8, <23.10.18, <23.04.23, <22.10.26 - XSS
CVSS 6.2
CVE-2024-37783 MEDIUM
Gladinet CentreStack <13.12.9934.54690 - XSS
CVSS 5.4
CVE-2024-52793 MEDIUM
Deno Standard Library <1.0.11 - XSS
CVE-2024-50965 MEDIUM
Public Knowledge Project PKP Platform OJS/OMP/OPS < 3.3.0.16 - Cross-Site Scripting
CVSS 5.4
CVE-2024-32770 MEDIUM
QNAP Photo Station 6.4.0-6.4.2 - Authenticated Stored Cross-Site Scripting
CVSS 6.3
CVE-2024-32769 MEDIUM
QNAP Photo Station 6.4.0-6.4.2 - Authenticated Stored Cross-Site Scripting
CVSS 6.3
Details
Vulnerabilities 45,417
Exploit Likelihood High