CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,430 vulnerabilities with CWE-79
CVE-2024-51780
HIGH
eewee admin custom <= 1.8.2.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-51779
HIGH
Stranger Studios - WordCamp Philly - Don't Break The Code <0.3.1 - XSS
CVSS 7.1
CVE-2024-51778
HIGH
Starfish Reviews Satisfaction Reports <2.0.3 - XSS
CVSS 7.1
CVE-2024-51776
HIGH
samhotchkiss Daily Image <1.0 - XSS
CVSS 7.1
CVE-2024-51763
HIGH
Biplob Adhikari Team Showcase and Slider - XSS
CVSS 7.1
CVE-2024-51762
HIGH
Nightshift Creative PropertyShift <1.0.0 - XSS
CVSS 7.1
CVE-2024-10676
HIGH
Wojciech Borowicz Conversion Helper <1.12 - XSS
CVSS 7.1
CVE-2024-51787
MEDIUM
QuomodoSoft ElementsReady <6.4.3 - XSS
CVSS 6.5
CVE-2024-51786
MEDIUM
Realty by BestWebSoft <= 1.1.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-51784
HIGH
VietFriend FriendStore <1.4.2 - XSS
CVSS 7.1
CVE-2024-51783
HIGH
Forms: 3rd-Party Post Again <= 0.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-51782
HIGH
Sanjaysolutions Loginplus <1.2 - XSS
CVSS 7.1
CVE-2024-10876
MEDIUM
Charitable - Donation Plugin for WordPress <= 1.8.3 - Unauthenticated Reflected XSS
CVSS 6.1
CVE-2024-10683
MEDIUM
Contact Form 7 - PayPal & Stripe Add-on <= 2.3.1 - Reflected XSS via add_query_arg and remove_query_arg
CVSS 6.1
CVE-2024-9226
MEDIUM
Landing Page Cat <= 1.7.6 - Unauthenticated Reflected XSS via add_query_arg
CVSS 6.1
CVE-2024-9775
MEDIUM
Anih - Creative Agency WordPress Theme < 2024 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 5.5
CVE-2024-9270
MEDIUM
Lenxel Core - WordPress LMS <1.1 - XSS
CVSS 6.4
CVE-2024-8960
MEDIUM
Cowidgets - Elementor Addons < 1.2.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-52000
MEDIUM
Combodo iTop < 3.2.0 - Reflected Cross-Site Scripting via Request Payload
CVSS 6.1
CVE-2024-51055
MEDIUM
hoosk 1.7.1 - Remote Code Execution via config.php
CVSS 6.5
CVE-2024-50810
MEDIUM
hopetree izone lts c011b48 - Stored Cross-Site Scripting in Article Comment Function
CVSS 5.4
CVE-2024-9841
MEDIUM
ArcSight Management Center < 3.2.5 and ArcSight Platform < 24.2.2 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-51032
MEDIUM
Sourcecodester Toll Tax Management System 1.0 - Authenticated Stored Cross-Site Scripting via Owner Input Field
CVSS 5.4
CVE-2024-51031
MEDIUM
Sourcecodester Cab Management System 1.0 - Authenticated Stored Cross-Site Scripting via User Name Fields
CVSS 5.4
CVE-2024-10325
MEDIUM
Elementor Header & Footer Builder <= 1.6.45 - Authenticated Stored Cross-Site Scripting via REST API SVG File Upload
CVSS 6.4
Details
Vulnerabilities
45,430
Exploit Likelihood
High