CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,435 vulnerabilities with CWE-79
CVE-2024-49692 MEDIUM
AffiliateX <= 1.2.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-49679 MEDIUM
WPKoi Templates for Elementor <3.1.0 - XSS
CVSS 5.9
CVE-2024-49678 HIGH
Jinwen js paper < 2.5.7 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-49673 HIGH
latex2html <= 2.5.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-49670 HIGH
Sam Glover Client Power Tools Portal <1.8.6 - XSS
CVSS 7.1
CVE-2024-10266 MEDIUM
Premium Addons for Elementor <4.10.60 - XSS
CVSS 6.4
CVE-2024-10233 MEDIUM
SMS Alert Order Notifications < 3.7.5 - Authenticated Stored Cross-Site Scripting via sa_subscribe Shortcode
CVSS 6.4
CVE-2024-10185 MEDIUM
StreamWeasels YouTube Integration <1.3.2 - XSS
CVSS 6.4
CVE-2024-10184 MEDIUM
StreamWeasels Kick Integration <1.1.1 - XSS
CVSS 6.4
CVE-2024-9376 MEDIUM
Kata Plus - Addons for Elementor <= 1.4.7 - Authenticated Stored XSS via SVG Upload
CVSS 6.4
CVE-2024-10227 MEDIUM
WordPress affiliate-toolkit <3.6.5 - XSS
CVSS 6.4
CVE-2024-50426 MEDIUM
Survey Maker <= 5.0.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-50418 MEDIUM
Time Slot Booking Time Slot <= 1.3.6 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-50415 MEDIUM
Pagup Ads.Txt & App-ads.Txt Manager <1.1.7.1 - XSS
CVSS 5.9
CVE-2024-50414 MEDIUM
VirusTran Button contact VR <4.7.9.1 - XSS
CVSS 5.9
CVE-2024-50413 MEDIUM
Import and export users and customers <= 1.27.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-50412 MEDIUM
Jules Colle Conditional Fields for Contact Form 7 <2.4.15 - XSS
CVSS 5.9
CVE-2024-50411 MEDIUM
WP Abstracts <= 2.7.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-49642 HIGH
Rafasashi Todo Custom Field <3.0.4 - XSS
CVSS 7.1
CVE-2024-45477 MEDIUM
Apache NiFi <1.28.0-<2.0.0-M4 - XSS
CVSS 4.6
CVE-2024-10048 MEDIUM
Post Status Notifier Lite and Premium <= 1.11.6 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2024-10000 MEDIUM
Masteriyo LMS - WordPress <1.13.3 - XSS
CVSS 6.4
CVE-2024-10479 LOW
pb-cms < 2.0.1 - Cross-Site Scripting in Theme Management Module
CVSS 2.4
CVE-2024-10478 LOW
pb-cms < 2.0.1 - Cross-Site Scripting in Edit Article Handler
CVSS 2.4
CVE-2024-10477 LOW
pb-cms < 2.0.1 - Cross-Site Scripting in Permission Management Page
CVSS 2.4
Details
Vulnerabilities 45,435
Exploit Likelihood High