CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,423 vulnerabilities with CWE-79
CVE-2024-50520 MEDIUM
Ancient World Linked Data <0.2.1 - XSS
CVSS 6.5
CVE-2024-50519 HIGH
Visser Labs Jigoshop - Store Exporter <1.5.8 - XSS
CVSS 7.1
CVE-2024-50518 MEDIUM
Common Ninja Pricer Ninja <2.1.0 - XSS
CVSS 6.5
CVE-2024-50517 MEDIUM
SlovenskoIT a.s. ID-SK Toolkit <1.7.2 - XSS
CVSS 6.5
CVE-2024-50516 MEDIUM
Countdown & Clock <= 3.0.8 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-50515 MEDIUM
Ninja Forms <= 3.8.16 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-50514 MEDIUM
Ninja Forms <= 3.8.16 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-50513 MEDIUM
PostX <= 4.1.15 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-50803 MEDIUM
Redaxo < 5.18.0 - Stored Cross-Site Scripting in Mediapool Feature
CVSS 5.4
CVE-2024-9830 MEDIUM
Bard <= 2.216 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9777 MEDIUM
Ashe < 2.243 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-11224 MEDIUM
Parallax Image <= 1.9 - Authenticated Stored Cross-Site Scripting via Position Parameter
CVSS 6.4
CVE-2024-11198 MEDIUM
GD Rating System <= 3.6.1 - Authenticated Stored Cross-Site Scripting via Extra Class Parameter
CVSS 6.4
CVE-2024-11195 MEDIUM
Email Subscription Popup <= 1.2.22 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11098 MEDIUM
SVG Block plugin - WordPress <1.1.25 - XSS
CVSS 5.5
CVE-2024-10388 HIGH
WordPress GDPR <= 2.0.2 - Unauthenticated Stored Cross-Site Scripting via gdpr_firstname and gdpr_lastname Parameters
CVSS 7.2
CVE-2024-10268 MEDIUM
MP3 Audio Player by Sonaar <= 5.8 - Authenticated Stored XSS via sonaar_audioplayer Shortcode
CVSS 6.4
CVE-2024-10103 MEDIUM
MailPoet < 5.3.2 - Stored Cross-Site Scripting via Editor Role
CVSS 6.1
CVE-2024-52340 MEDIUM
Marty Thornley Photographer Connections <1.3.1 - XSS
CVSS 6.5
CVE-2024-52339 MEDIUM
Mage Front End Forms <= 1.1.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-51940 MEDIUM
SohelWPExpert WP Responsive Video <1.0 - XSS
CVSS 6.5
CVE-2024-51939 MEDIUM
S anthosh veer Stylish Internal Links <1.9 - XSS
CVSS 6.5
CVE-2024-33231 MEDIUM
Ferozo Email 1.1 - Cross-Site Scripting via PDF Preview Component
CVSS 5.4
CVE-2024-52418 HIGH
CactusThemes Gameplan <1.5.10 - XSS
CVSS 7.1
CVE-2024-52417 HIGH
BoldThemes ReConstruction <1.4.7 - XSS
CVSS 7.1
Details
Vulnerabilities 45,423
Exploit Likelihood High