CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,435 vulnerabilities with CWE-79
CVE-2024-9178 MEDIUM
XT Floating Cart for WooCommerce <= 2.8.2 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9878 MEDIUM
Photo Gallery by 10Web < 1.8.30 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2024-9667 MEDIUM
Seriously Simple Podcasting <= 3.5.0 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9443 MEDIUM
Basticom Framework <= 1.5.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9883 MEDIUM
Pods WordPress Plugin < 3.2.7.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-7877 MEDIUM
Simply Schedule Appointments < 1.6.7.55 - Authenticated Stored Cross-Site Scripting in Notification Settings
CVSS 4.8
CVE-2024-7876 MEDIUM
Simply Schedule Appointments < 1.6.7.55 - Authenticated Stored Cross-Site Scripting in Appointment Type Settings
CVSS 4.8
CVE-2024-5578 MEDIUM
Table of Contents Plus < 2408 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-10807 LOW
Hospital Management System 4.0 - Cross-Site Scripting via searchdata Parameter
CVSS 2.4
CVE-2024-10340 MEDIUM
Shortcodes Blocks Creator Ultimate <2.1.3 - XSS
CVSS 6.4
CVE-2024-10806 LOW
Hospital Management System 4.0 - Cross-Site Scripting via betweendates-detailsreports.php fromdate/todate Parameters
CVSS 2.4
CVE-2024-51498 MEDIUM
cobalt < 10.2.1 - Cross-Site Scripting via JavaScript Protocol Links
CVE-2024-50346 MEDIUM
WebFeed < 0.9.2 - HTML Injection via Malicious RSS Feed
CVE-2024-31448 HIGH
Combodo iTop < 3.1.2 - Stored Cross-Site Scripting via CSV Import
CVSS 8.8
CVE-2024-48059 MEDIUM
gaizhenbiao/chuanhuchatgpt <=20240802 - Stored Cross-Site Scripting via WebSocket Session Transmission
CVSS 6.1
CVE-2024-48057 MEDIUM
mudler/localai <=2.20.1 - Cross-Site Scripting via Delete Model API
CVSS 6.1
CVE-2024-30618 MEDIUM
Chamilo LMS 1.11.26 - Stored Cross-Site Scripting via Group Topics Content Parameter
CVSS 6.1
CVE-2024-10768 LOW
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Scripting in two_tables.php
CVSS 3.5
CVE-2024-51328 MEDIUM
projectworlds Travel Management System 1.0 - Stored Cross-Site Scripting via addcategory.php t2 Parameter
CVSS 6.1
CVE-2024-51685 MEDIUM
Accordion title for Elementor <1.2.1 - XSS
CVSS 5.9
CVE-2024-51683 MEDIUM
Custom post type templates for Elementor <= 1.10.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-51682 MEDIUM
HasThemes HT Builder - WordPress Theme Builder for Elementor <1.3.0...
CVSS 6.5
CVE-2024-51681 MEDIUM
CodeRevolution WP Pocket URLs <1.0.3 - XSS
CVSS 6.5
CVE-2024-51680 MEDIUM
Cresta Addons for Elementor <1.0.9 - XSS
CVSS 6.5
CVE-2024-51678 MEDIUM
Marcel Pol Elo Rating Shortcode <= 1.0.3 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,435
Exploit Likelihood High