CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,435 vulnerabilities with CWE-79
CVE-2024-8871 MEDIUM
Easy Pricing Tables <= 3.2.5 - Unauthenticated Reflected XSS via add_query_arg
CVSS 6.1
CVE-2024-9886 MEDIUM
WP Baidu Map <= 1.2.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-9885 MEDIUM
Widget or Sidebar Shortcode <0.6.1 - XSS
CVSS 6.4
CVE-2024-9884 MEDIUM
T(-) Countdown <= 2.4.8 - Authenticated Stored Cross-Site Scripting via 'tminus' Shortcode
CVSS 6.4
CVE-2024-8792 MEDIUM
WordPress Subscribe to Comments <2.4 - XSS
CVSS 6.1
CVE-2024-8627 MEDIUM
Ultimate TinyMCE <= 5.7 - Authenticated Stored Cross-Site Scripting via Field Shortcode
CVSS 6.4
CVE-2024-10503 LOW
Klokan MapTiler tileserver-gl 2.3.1 - Cross-Site Scripting via URL Handler
CVSS 3.5
CVE-2024-50348 MEDIUM
InstantCMS < 2.16.3 - Stored Cross-Site Scripting via Photo Upload Function
CVSS 5.4
CVE-2024-44081 CRITICAL
8x8 jitsi_meet < 2.0.9779 - Cross-Site Scripting via Video File Sharing URL
CVSS 9.8
CVE-2024-44080 HIGH
8x8 jitsi_meet < 2.0.9779 - Cross-Site Scripting via Giphy Image URL
CVSS 7.5
CVE-2024-48461 MEDIUM
TeslaLogger Admin Panel <1.59.6 - XSS
CVSS 4.8
CVE-2024-9505 MEDIUM
Beaver Builder < 2.8.4.3 - Authenticated Stored Cross-Site Scripting via Button Widget
CVSS 6.4
CVE-2024-51076 MEDIUM
PHPGurukul Online DJ Booking Management System 1.0 - Reflected Cross-Site Scripting via Booking Search Parameter
CVSS 6.1
CVE-2024-51075 MEDIUM
PHPGurukul Online DJ Booking Management System 1.0 - Reflected Cross-Site Scripting via User Search Parameter
CVSS 6.1
CVE-2024-49634 HIGH
Rimon Habib BP Member Type Manager - XSS
CVSS 7.1
CVE-2024-49632 HIGH
Coral Web Design CWD 3D Image Gallery - XSS
CVSS 7.1
CVE-2024-47640 HIGH
weDevs WP ERP <= 1.13.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-10226 MEDIUM
Arconix Shortcodes <= 2.1.13 - Authenticated Stored Cross-Site Scripting via Box Shortcode
CVSS 6.4
CVE-2024-6581 CRITICAL
Lollms v9.9 - Cross-Site Scripting via SVG Upload in Discussion Image Function
CVSS 9.0
CVE-2024-51181 MEDIUM
PHPGurukul IFSC Code Finder Project 1.0 - Reflected Cross-Site Scripting via searchifsccode Parameter
CVSS 6.1
CVE-2024-51180 MEDIUM
PHPGurukul IFSC Code Finder Project 1.0 - Reflected Cross-Site Scripting via searchifsccode Parameter
CVSS 6.1
CVE-2024-49645 HIGH
Ilias Gomatos Affiliate Platform <1.4.8 - XSS
CVSS 7.1
CVE-2024-49643 HIGH
Abdullah Irfan Whitelist <3.5 - XSS
CVSS 7.1
CVE-2024-49641 HIGH
Tida URL Screenshot <= 1.0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-49640 HIGH
AmaderCode Lab ACL Floating Cart for WooCommerce - XSS
CVSS 7.1
Details
Vulnerabilities 45,435
Exploit Likelihood High