CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,440 vulnerabilities with CWE-79
CVE-2024-50449 MEDIUM
PDF Generator Addon for Elementor Page Builder <= 1.7.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-50448 HIGH
YITH WooCommerce Product Add-Ons <= 4.14.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-50447 MEDIUM
Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.19 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-50446 MEDIUM
Futurio Extra <= 2.0.11 - Cross-Site Scripting
CVSS 6.5
CVE-2024-50445 MEDIUM
merkulove Selection Lite <= 1.13 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-50441 MEDIUM
Cozy Blocks <= 2.0.15 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-50440 MEDIUM
CodePen Embedded Pens Shortcode <= 1.0.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-50439 MEDIUM
Astra Widgets <= 1.2.14 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-50438 HIGH
Church Admin < 5.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-50443 MEDIUM
WPXPO PostX <= 4.1.12 - Cross-Site Scripting
CVSS 6.5
CVE-2024-50582 MEDIUM
JetBrains YouTrack < 2024.3.47707 - Stored Cross-Site Scripting in Markdown Elements
CVSS 4.6
CVE-2024-50581 MEDIUM
JetBrains YouTrack < 2024.3.47707 - Cross-Site Scripting via Comment Tag
CVSS 4.6
CVE-2024-50580 MEDIUM
JetBrains YouTrack < 2024.3.47707 - Stored Cross-Site Scripting via Markdown Parsing
CVSS 4.6
CVE-2024-50579 MEDIUM
JetBrains YouTrack < 2024.3.47707 - Reflected Cross-Site Scripting via Insecure Link Sanitization
CVSS 4.6
CVE-2024-50578 MEDIUM
JetBrains YouTrack < 2024.3.47707 - Stored Cross-Site Scripting via Sprint Value on Agile Boards Page
CVSS 4.6
CVE-2024-50577 MEDIUM
JetBrains YouTrack < 2024.3.47707 - Stored Cross-Site Scripting via Angular Template Injection in Hub Settings
CVSS 4.6
CVE-2024-50576 MEDIUM
JetBrains YouTrack < 2024.3.47707 - Stored Cross-Site Scripting via Vendor URL in App Manifest
CVSS 4.6
CVE-2024-50575 MEDIUM
JetBrains YouTrack < 2024.3.47707 - Reflected Cross-Site Scripting via Widget API
CVSS 5.4
CVE-2024-50502 MEDIUM
Cozy Blocks <= 2.0.18 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-50501 MEDIUM
Kata Plus <= 1.4.7 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-50472 MEDIUM
Amilia Store <= 2.9.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-50471 MEDIUM
Trip Plan <= 1.0.10 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-50470 MEDIUM
Themes4WP YouTube External Subtitles <= 1.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-10433 LOW
Project Worlds Simple Web-Based Chat Application 1.0 - Cross-Site Scripting via Name/Comment Parameter
CVSS 3.5
CVE-2024-10419 LOW
Blood Bank Management System 1.0 - Cross-Site Scripting via /bloodrequest.php msg Parameter
CVSS 3.5
Details
Vulnerabilities 45,440
Exploit Likelihood High