CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,440 vulnerabilities with CWE-79
CVE-2024-10414
LOW
PHPGurukul Vehicle Record System 1.0 - Cross-Site Scripting via Brand Name Parameter
CVSS 2.4
CVE-2024-10412
LOW
Poco-z Guns-Medical 1.0 - Cross-Site Scripting via File Upload Picture Parameter
CVSS 3.5
CVE-2024-10117
MEDIUM
WP Crowdfunding <= 2.1.11 - Authenticated Stored Cross-Site Scripting via wpcf_donate Shortcode
CVSS 6.4
CVE-2024-9116
MEDIUM
Monkee-Boy Essentials <= 1.1 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9967
MEDIUM
WP show more < 1.0.7 - Authenticated Stored Cross-Site Scripting via show_more Shortcode
CVSS 6.4
CVE-2024-9853
MEDIUM
ID-SK Toolkit plugin - WordPress <1.7.2 - XSS
CVSS 6.4
CVE-2024-9642
MEDIUM
Editor Custom Color Palette plugin <3.3.7 - XSS
CVSS 6.4
CVE-2024-9456
MEDIUM
WP Awesome Login <= 0.4.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-8870
MEDIUM
Forms for Mailchimp by Optin Cat - Grow Your MailChimp List plugin ...
CVSS 6.1
CVE-2024-9613
MEDIUM
FormFacade WordPress Plugin <=1.3.6 - Unauthenticated XSS via userId/publishId
CVSS 6.1
CVE-2024-9462
MEDIUM
Poll Maker < 5.4.6 - Authenticated Stored Cross-Site Scripting via Poll Settings
CVSS 5.5
CVE-2024-9454
MEDIUM
PriPre plugin - WordPress <0.4.11 - XSS
CVSS 6.4
CVE-2024-10091
MEDIUM
ElementsKit Elementor Addons <3.2.9 - XSS
CVSS 6.4
CVE-2024-48239
MEDIUM
WTCMS 1.0 - Cross-Site Scripting in plupload Method
CVSS 4.8
CVE-2024-48228
MEDIUM
funadmin 5.0.2 - Stored Cross-Site Scripting via Attachh.php selectfiles Method
CVSS 6.1
CVE-2024-48396
MEDIUM
AIML Chatbot 1.0 - Cross-Site Scripting via Message Input Field
CVSS 6.1
CVE-2024-48233
MEDIUM
mipjz 5.0.5 - Cross-Site Scripting via ICP Parameter
CVSS 4.8
CVE-2024-37844
MEDIUM
MangoOS < 5.2.0 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-9585
MEDIUM
Image Map Pro < 6.0.20 - Authenticated Stored Cross-Site Scripting via Save Project Function
CVSS 6.4
CVE-2024-48448
MEDIUM
Huly Platform 0.6.295 - Arbitrary File Upload and Remote Code Execution via Tracker Comments Page
CVSS 6.1
CVE-2024-48743
MEDIUM
Sentry 6.0.9 - Cross-Site Scripting via z Parameter
CVSS 6.5
CVE-2024-48654
MEDIUM
Blood Bank 1 - Stored Cross-Site Scripting via Login Component
CVSS 6.1
CVE-2024-49378
MEDIUM
smartUp 7.2.622.1170 - Universal Cross-Site Scripting
CVSS 6.1
CVE-2024-10374
MEDIUM
WP-Members Membership Plugin <= 3.4.9.5 - Authenticated Stored Cross-Site Scripting via wpmem_loginout Shortcode
CVSS 6.4
CVE-2024-8666
MEDIUM
Shoutcast Icecast HTML5 Radio Player <2.1.6 - XSS
CVSS 6.4
Details
Vulnerabilities
45,440
Exploit Likelihood
High