CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,440 vulnerabilities with CWE-79
CVE-2024-10343 MEDIUM
Beek Widget Extention <= 0.9.5 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-10112 MEDIUM
Simple News <= 2.8 - Authenticated Stored Cross-Site Scripting via News Shortcode
CVSS 6.4
CVE-2024-10016 MEDIUM
File Upload Types by WPForms <= 1.4.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-10342 MEDIUM
League of Legends Shortcodes <= 1.0.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-10150 MEDIUM
Bamazoo - Button Generator <1.0 - XSS
CVSS 6.4
CVE-2024-9607 MEDIUM
10Web Social Post Feed < 1.2.9 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-48870 MEDIUM
Toshibatec E-studio1058 Firmware < t1.01.h4.00 - XSS
CVSS 6.2
CVE-2024-47801 HIGH
Sharp/Toshiba Tec MFP - XSS
CVSS 7.4
CVE-2024-10148 MEDIUM
WordPress Awesome buttons plugin <1.0 - XSS
CVSS 6.4
CVE-2024-10348 LOW
Best House Rental Management System 1.0 - Cross-Site Scripting via Tenant Details Last Name Parameter
CVSS 3.5
CVE-2024-47882 MEDIUM
OpenRefine < 3.8.3 - Cross-Site Scripting in Error Page
CVSS 5.9
CVE-2024-47880 HIGH
OpenRefine < 3.8.3 - Stored Cross-Site Scripting via Export Rows Command
CVSS 8.1
CVE-2024-47878 HIGH
OpenRefine < 3.8.3 - Stored Cross-Site Scripting via State Parameter
CVSS 8.1
CVE-2024-46998 HIGH
baserCMS < 5.1.2 - Stored Cross-Site Scripting in Edit Email Form Settings Feature
CVSS 7.1
CVE-2024-46996 MEDIUM
baserCMS < 5.1.2 - Stored Cross-Site Scripting in Blog Posts Feature
CVSS 6.3
CVE-2024-46995 MEDIUM
baserCMS < 5.1.2 - Cross-Site Scripting via HTTP 400 Bad Request
CVSS 6.1
CVE-2024-46994 MEDIUM
baserCMS < 5.1.2 - Stored Cross-Site Scripting in Blog Posts and Contents List Feature
CVSS 5.4
CVE-2024-45031 MEDIUM
Apache Syncope 2.1.0-3.0.8 - Stored Cross-Site Scripting via Incomplete HTML Tag Bypass
CVSS 6.1
CVE-2024-49702 MEDIUM
myCRED myCred Elementor <1.2.6 - XSS
CVSS 6.5
CVE-2024-49696 MEDIUM
RoboSoft Robo Gallery <3.2.21 - XSS
CVSS 5.9
CVE-2024-49695 MEDIUM
Spiffy Plugins WP Flow Plus <5.2.3 - XSS
CVSS 6.5
CVE-2024-49693 MEDIUM
Kraftplugins Mega Elements <1.2.6 - XSS
CVSS 6.5
CVE-2024-10332 MEDIUM
Janto 4.3r11 - Cross-Site Scripting via /abonados/public/janto/main.php Endpoint
CVSS 6.1
CVE-2024-10180 MEDIUM
Contact Form 7 - Repeatable Fields <= 2.0.1 - Authenticated Stored Cross-Site Scripting via field_group Shortcode
CVSS 6.4
CVE-2024-8959 MEDIUM
WP Adminify < 4.0.1.6 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
Details
Vulnerabilities 45,440
Exploit Likelihood High