CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,440 vulnerabilities with CWE-79
CVE-2024-50449
MEDIUM
PDF Generator Addon for Elementor Page Builder <= 1.7.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-50448
HIGH
YITH WooCommerce Product Add-Ons <= 4.14.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-50447
MEDIUM
Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.19 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-50446
MEDIUM
Futurio Extra <= 2.0.11 - Cross-Site Scripting
CVSS 6.5
CVE-2024-50445
MEDIUM
merkulove Selection Lite <= 1.13 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-50441
MEDIUM
Cozy Blocks <= 2.0.15 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-50440
MEDIUM
CodePen Embedded Pens Shortcode <= 1.0.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-50439
MEDIUM
Astra Widgets <= 1.2.14 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-50438
HIGH
Church Admin < 5.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-50443
MEDIUM
WPXPO PostX <= 4.1.12 - Cross-Site Scripting
CVSS 6.5
CVE-2024-50582
MEDIUM
JetBrains YouTrack < 2024.3.47707 - Stored Cross-Site Scripting in Markdown Elements
CVSS 4.6
CVE-2024-50581
MEDIUM
JetBrains YouTrack < 2024.3.47707 - Cross-Site Scripting via Comment Tag
CVSS 4.6
CVE-2024-50580
MEDIUM
JetBrains YouTrack < 2024.3.47707 - Stored Cross-Site Scripting via Markdown Parsing
CVSS 4.6
CVE-2024-50579
MEDIUM
JetBrains YouTrack < 2024.3.47707 - Reflected Cross-Site Scripting via Insecure Link Sanitization
CVSS 4.6
CVE-2024-50578
MEDIUM
JetBrains YouTrack < 2024.3.47707 - Stored Cross-Site Scripting via Sprint Value on Agile Boards Page
CVSS 4.6
CVE-2024-50577
MEDIUM
JetBrains YouTrack < 2024.3.47707 - Stored Cross-Site Scripting via Angular Template Injection in Hub Settings
CVSS 4.6
CVE-2024-50576
MEDIUM
JetBrains YouTrack < 2024.3.47707 - Stored Cross-Site Scripting via Vendor URL in App Manifest
CVSS 4.6
CVE-2024-50575
MEDIUM
JetBrains YouTrack < 2024.3.47707 - Reflected Cross-Site Scripting via Widget API
CVSS 5.4
CVE-2024-50502
MEDIUM
Cozy Blocks <= 2.0.18 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-50501
MEDIUM
Kata Plus <= 1.4.7 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-50472
MEDIUM
Amilia Store <= 2.9.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-50471
MEDIUM
Trip Plan <= 1.0.10 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-50470
MEDIUM
Themes4WP YouTube External Subtitles <= 1.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-10433
LOW
Project Worlds Simple Web-Based Chat Application 1.0 - Cross-Site Scripting via Name/Comment Parameter
CVSS 3.5
CVE-2024-10419
LOW
Blood Bank Management System 1.0 - Cross-Site Scripting via /bloodrequest.php msg Parameter
CVSS 3.5
Details
Vulnerabilities
45,440
Exploit Likelihood
High