CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,435 vulnerabilities with CWE-79
CVE-2024-49692
MEDIUM
AffiliateX <= 1.2.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-49679
MEDIUM
WPKoi Templates for Elementor <3.1.0 - XSS
CVSS 5.9
CVE-2024-49678
HIGH
Jinwen js paper < 2.5.7 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-49673
HIGH
latex2html <= 2.5.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-49670
HIGH
Sam Glover Client Power Tools Portal <1.8.6 - XSS
CVSS 7.1
CVE-2024-10266
MEDIUM
Premium Addons for Elementor <4.10.60 - XSS
CVSS 6.4
CVE-2024-10233
MEDIUM
SMS Alert Order Notifications < 3.7.5 - Authenticated Stored Cross-Site Scripting via sa_subscribe Shortcode
CVSS 6.4
CVE-2024-10185
MEDIUM
StreamWeasels YouTube Integration <1.3.2 - XSS
CVSS 6.4
CVE-2024-10184
MEDIUM
StreamWeasels Kick Integration <1.1.1 - XSS
CVSS 6.4
CVE-2024-9376
MEDIUM
Kata Plus - Addons for Elementor <= 1.4.7 - Authenticated Stored XSS via SVG Upload
CVSS 6.4
CVE-2024-10227
MEDIUM
WordPress affiliate-toolkit <3.6.5 - XSS
CVSS 6.4
CVE-2024-50426
MEDIUM
Survey Maker <= 5.0.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-50418
MEDIUM
Time Slot Booking Time Slot <= 1.3.6 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-50415
MEDIUM
Pagup Ads.Txt & App-ads.Txt Manager <1.1.7.1 - XSS
CVSS 5.9
CVE-2024-50414
MEDIUM
VirusTran Button contact VR <4.7.9.1 - XSS
CVSS 5.9
CVE-2024-50413
MEDIUM
Import and export users and customers <= 1.27.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-50412
MEDIUM
Jules Colle Conditional Fields for Contact Form 7 <2.4.15 - XSS
CVSS 5.9
CVE-2024-50411
MEDIUM
WP Abstracts <= 2.7.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-49642
HIGH
Rafasashi Todo Custom Field <3.0.4 - XSS
CVSS 7.1
CVE-2024-45477
MEDIUM
Apache NiFi <1.28.0-<2.0.0-M4 - XSS
CVSS 4.6
CVE-2024-10048
MEDIUM
Post Status Notifier Lite and Premium <= 1.11.6 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2024-10000
MEDIUM
Masteriyo LMS - WordPress <1.13.3 - XSS
CVSS 6.4
CVE-2024-10479
LOW
pb-cms < 2.0.1 - Cross-Site Scripting in Theme Management Module
CVSS 2.4
CVE-2024-10478
LOW
pb-cms < 2.0.1 - Cross-Site Scripting in Edit Article Handler
CVSS 2.4
CVE-2024-10477
LOW
pb-cms < 2.0.1 - Cross-Site Scripting in Permission Management Page
CVSS 2.4
Details
Vulnerabilities
45,435
Exploit Likelihood
High