CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,440 vulnerabilities with CWE-79
CVE-2024-10343
MEDIUM
Beek Widget Extention <= 0.9.5 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-10112
MEDIUM
Simple News <= 2.8 - Authenticated Stored Cross-Site Scripting via News Shortcode
CVSS 6.4
CVE-2024-10016
MEDIUM
File Upload Types by WPForms <= 1.4.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-10342
MEDIUM
League of Legends Shortcodes <= 1.0.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-10150
MEDIUM
Bamazoo - Button Generator <1.0 - XSS
CVSS 6.4
CVE-2024-9607
MEDIUM
10Web Social Post Feed < 1.2.9 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-48870
MEDIUM
Toshibatec E-studio1058 Firmware < t1.01.h4.00 - XSS
CVSS 6.2
CVE-2024-47801
HIGH
Sharp/Toshiba Tec MFP - XSS
CVSS 7.4
CVE-2024-10148
MEDIUM
WordPress Awesome buttons plugin <1.0 - XSS
CVSS 6.4
CVE-2024-10348
LOW
Best House Rental Management System 1.0 - Cross-Site Scripting via Tenant Details Last Name Parameter
CVSS 3.5
CVE-2024-47882
MEDIUM
OpenRefine < 3.8.3 - Cross-Site Scripting in Error Page
CVSS 5.9
CVE-2024-47880
HIGH
OpenRefine < 3.8.3 - Stored Cross-Site Scripting via Export Rows Command
CVSS 8.1
CVE-2024-47878
HIGH
OpenRefine < 3.8.3 - Stored Cross-Site Scripting via State Parameter
CVSS 8.1
CVE-2024-46998
HIGH
baserCMS < 5.1.2 - Stored Cross-Site Scripting in Edit Email Form Settings Feature
CVSS 7.1
CVE-2024-46996
MEDIUM
baserCMS < 5.1.2 - Stored Cross-Site Scripting in Blog Posts Feature
CVSS 6.3
CVE-2024-46995
MEDIUM
baserCMS < 5.1.2 - Cross-Site Scripting via HTTP 400 Bad Request
CVSS 6.1
CVE-2024-46994
MEDIUM
baserCMS < 5.1.2 - Stored Cross-Site Scripting in Blog Posts and Contents List Feature
CVSS 5.4
CVE-2024-45031
MEDIUM
Apache Syncope 2.1.0-3.0.8 - Stored Cross-Site Scripting via Incomplete HTML Tag Bypass
CVSS 6.1
CVE-2024-49702
MEDIUM
myCRED myCred Elementor <1.2.6 - XSS
CVSS 6.5
CVE-2024-49696
MEDIUM
RoboSoft Robo Gallery <3.2.21 - XSS
CVSS 5.9
CVE-2024-49695
MEDIUM
Spiffy Plugins WP Flow Plus <5.2.3 - XSS
CVSS 6.5
CVE-2024-49693
MEDIUM
Kraftplugins Mega Elements <1.2.6 - XSS
CVSS 6.5
CVE-2024-10332
MEDIUM
Janto 4.3r11 - Cross-Site Scripting via /abonados/public/janto/main.php Endpoint
CVSS 6.1
CVE-2024-10180
MEDIUM
Contact Form 7 - Repeatable Fields <= 2.0.1 - Authenticated Stored Cross-Site Scripting via field_group Shortcode
CVSS 6.4
CVE-2024-8959
MEDIUM
WP Adminify < 4.0.1.6 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
Details
Vulnerabilities
45,440
Exploit Likelihood
High