CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,435 vulnerabilities with CWE-79
CVE-2024-8871
MEDIUM
Easy Pricing Tables <= 3.2.5 - Unauthenticated Reflected XSS via add_query_arg
CVSS 6.1
CVE-2024-9886
MEDIUM
WP Baidu Map <= 1.2.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-9885
MEDIUM
Widget or Sidebar Shortcode <0.6.1 - XSS
CVSS 6.4
CVE-2024-9884
MEDIUM
T(-) Countdown <= 2.4.8 - Authenticated Stored Cross-Site Scripting via 'tminus' Shortcode
CVSS 6.4
CVE-2024-8792
MEDIUM
WordPress Subscribe to Comments <2.4 - XSS
CVSS 6.1
CVE-2024-8627
MEDIUM
Ultimate TinyMCE <= 5.7 - Authenticated Stored Cross-Site Scripting via Field Shortcode
CVSS 6.4
CVE-2024-10503
LOW
Klokan MapTiler tileserver-gl 2.3.1 - Cross-Site Scripting via URL Handler
CVSS 3.5
CVE-2024-50348
MEDIUM
InstantCMS < 2.16.3 - Stored Cross-Site Scripting via Photo Upload Function
CVSS 5.4
CVE-2024-44081
CRITICAL
8x8 jitsi_meet < 2.0.9779 - Cross-Site Scripting via Video File Sharing URL
CVSS 9.8
CVE-2024-44080
HIGH
8x8 jitsi_meet < 2.0.9779 - Cross-Site Scripting via Giphy Image URL
CVSS 7.5
CVE-2024-48461
MEDIUM
TeslaLogger Admin Panel <1.59.6 - XSS
CVSS 4.8
CVE-2024-9505
MEDIUM
Beaver Builder < 2.8.4.3 - Authenticated Stored Cross-Site Scripting via Button Widget
CVSS 6.4
CVE-2024-51076
MEDIUM
PHPGurukul Online DJ Booking Management System 1.0 - Reflected Cross-Site Scripting via Booking Search Parameter
CVSS 6.1
CVE-2024-51075
MEDIUM
PHPGurukul Online DJ Booking Management System 1.0 - Reflected Cross-Site Scripting via User Search Parameter
CVSS 6.1
CVE-2024-49634
HIGH
Rimon Habib BP Member Type Manager - XSS
CVSS 7.1
CVE-2024-49632
HIGH
Coral Web Design CWD 3D Image Gallery - XSS
CVSS 7.1
CVE-2024-47640
HIGH
weDevs WP ERP <= 1.13.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-10226
MEDIUM
Arconix Shortcodes <= 2.1.13 - Authenticated Stored Cross-Site Scripting via Box Shortcode
CVSS 6.4
CVE-2024-6581
CRITICAL
Lollms v9.9 - Cross-Site Scripting via SVG Upload in Discussion Image Function
CVSS 9.0
CVE-2024-51181
MEDIUM
PHPGurukul IFSC Code Finder Project 1.0 - Reflected Cross-Site Scripting via searchifsccode Parameter
CVSS 6.1
CVE-2024-51180
MEDIUM
PHPGurukul IFSC Code Finder Project 1.0 - Reflected Cross-Site Scripting via searchifsccode Parameter
CVSS 6.1
CVE-2024-49645
HIGH
Ilias Gomatos Affiliate Platform <1.4.8 - XSS
CVSS 7.1
CVE-2024-49643
HIGH
Abdullah Irfan Whitelist <3.5 - XSS
CVSS 7.1
CVE-2024-49641
HIGH
Tida URL Screenshot <= 1.0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-49640
HIGH
AmaderCode Lab ACL Floating Cart for WooCommerce - XSS
CVSS 7.1
Details
Vulnerabilities
45,435
Exploit Likelihood
High