CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,417 vulnerabilities with CWE-79
CVE-2024-10872 MEDIUM
Getwid - Gutenberg Blocks <= 2.0.12 - Authenticated Stored Cross-Site Scripting via Template Post Custom Field Block
CVSS 6.4
CVE-2024-10891 MEDIUM
Save as PDF Plugin by PDFCrowd <= 4.2.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-9239 MEDIUM
Booster for WooCommerce <= 7.2.3 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg and remove_query_arg
CVSS 6.1
CVE-2024-8726 MEDIUM
MailChimp Forms by MailMunch <3.2.3 - XSS
CVSS 6.1
CVE-2024-11277 MEDIUM
404 Solution < 2.35.19 - Unauthenticated Reflected Cross-Site Scripting via URL
CVSS 6.1
CVE-2024-9653 MEDIUM
Restaurant Menu - Food Ordering System <= 2.4.2 - Reflected XSS via Action Parameter
CVSS 6.1
CVE-2024-10515 LOW
SEO Plugin by Squirrly SEO < 12.3.21 - Stored Cross-Site Scripting
CVSS 3.5
CVE-2024-11278 MEDIUM
GD bbPress Attachments <4.7.2 - XSS
CVSS 6.1
CVE-2024-44309 MEDIUM KEV
Debian Linux < 18.1.1 - XSS
CVSS 6.3
CVE-2024-52595 HIGH
lxml_html_clean < 0.4.0 - Cross-Site Scripting via Improper Context-Switching Tag Handling
CVSS 7.7
CVE-2024-30424 MEDIUM
Beaver Builder Addons by WPZOOM <= 1.3.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-11400 MEDIUM
HUSKY - Products Filter Professional - XSS
CVSS 6.1
CVE-2024-52763 MEDIUM
ganglia-web 3.7.3-3.7.5 - Cross-Site Scripting via graph_all_periods.php g Parameter
CVSS 5.4
CVE-2024-52762 MEDIUM
ganglia-web 3.73-3.76 - Cross-Site Scripting via tz Parameter in header.php
CVSS 5.4
CVE-2024-50430 MEDIUM
Beaver Builder <= 2.8.3.7 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-51938 MEDIUM
NicheAddons Charity Addon <1.3.2 - XSS
CVSS 6.5
CVE-2024-51937 MEDIUM
IA Map Analytics Basic <= 20170413 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-51936 MEDIUM
Henry ESB Testimonials <1.0.0 - XSS
CVSS 6.5
CVE-2024-51935 MEDIUM
Sam Perrow Fast Video & Image Display <2.5.2 - XSS
CVSS 6.5
CVE-2024-51934 MEDIUM
Ekiline Block Collection <1.0.5 - XSS
CVSS 6.5
CVE-2024-51933 MEDIUM
Cookie Nonsense for YT <1.2.0 - XSS
CVSS 6.5
CVE-2024-51932 MEDIUM
Saif Bin-Alam Kings Tab Slider - XSS
CVSS 6.5
CVE-2024-51931 MEDIUM
AzonBox <= 1.1.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-51930 MEDIUM
Jie Wang Custom URL Shortener <0.3.6 - XSS
CVSS 6.5
CVE-2024-51929 MEDIUM
Phil Spectrum Icon Widget <1.1.0 - XSS
CVSS 6.5
Details
Vulnerabilities 45,417
Exploit Likelihood High