CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,430 vulnerabilities with CWE-79
CVE-2024-51780 HIGH
eewee admin custom <= 1.8.2.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-51779 HIGH
Stranger Studios - WordCamp Philly - Don't Break The Code <0.3.1 - XSS
CVSS 7.1
CVE-2024-51778 HIGH
Starfish Reviews Satisfaction Reports <2.0.3 - XSS
CVSS 7.1
CVE-2024-51776 HIGH
samhotchkiss Daily Image <1.0 - XSS
CVSS 7.1
CVE-2024-51763 HIGH
Biplob Adhikari Team Showcase and Slider - XSS
CVSS 7.1
CVE-2024-51762 HIGH
Nightshift Creative PropertyShift <1.0.0 - XSS
CVSS 7.1
CVE-2024-10676 HIGH
Wojciech Borowicz Conversion Helper <1.12 - XSS
CVSS 7.1
CVE-2024-51787 MEDIUM
QuomodoSoft ElementsReady <6.4.3 - XSS
CVSS 6.5
CVE-2024-51786 MEDIUM
Realty by BestWebSoft <= 1.1.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-51784 HIGH
VietFriend FriendStore <1.4.2 - XSS
CVSS 7.1
CVE-2024-51783 HIGH
Forms: 3rd-Party Post Again <= 0.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-51782 HIGH
Sanjaysolutions Loginplus <1.2 - XSS
CVSS 7.1
CVE-2024-10876 MEDIUM
Charitable - Donation Plugin for WordPress <= 1.8.3 - Unauthenticated Reflected XSS
CVSS 6.1
CVE-2024-10683 MEDIUM
Contact Form 7 - PayPal & Stripe Add-on <= 2.3.1 - Reflected XSS via add_query_arg and remove_query_arg
CVSS 6.1
CVE-2024-9226 MEDIUM
Landing Page Cat <= 1.7.6 - Unauthenticated Reflected XSS via add_query_arg
CVSS 6.1
CVE-2024-9775 MEDIUM
Anih - Creative Agency WordPress Theme < 2024 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 5.5
CVE-2024-9270 MEDIUM
Lenxel Core - WordPress LMS <1.1 - XSS
CVSS 6.4
CVE-2024-8960 MEDIUM
Cowidgets - Elementor Addons < 1.2.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-52000 MEDIUM
Combodo iTop < 3.2.0 - Reflected Cross-Site Scripting via Request Payload
CVSS 6.1
CVE-2024-51055 MEDIUM
hoosk 1.7.1 - Remote Code Execution via config.php
CVSS 6.5
CVE-2024-50810 MEDIUM
hopetree izone lts c011b48 - Stored Cross-Site Scripting in Article Comment Function
CVSS 5.4
CVE-2024-9841 MEDIUM
ArcSight Management Center < 3.2.5 and ArcSight Platform < 24.2.2 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-51032 MEDIUM
Sourcecodester Toll Tax Management System 1.0 - Authenticated Stored Cross-Site Scripting via Owner Input Field
CVSS 5.4
CVE-2024-51031 MEDIUM
Sourcecodester Cab Management System 1.0 - Authenticated Stored Cross-Site Scripting via User Name Fields
CVSS 5.4
CVE-2024-10325 MEDIUM
Elementor Header & Footer Builder <= 1.6.45 - Authenticated Stored Cross-Site Scripting via REST API SVG File Upload
CVSS 6.4
Details
Vulnerabilities 45,430
Exploit Likelihood High