CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,445 vulnerabilities with CWE-79
CVE-2024-10192 LOW
PHPGurukul IFSC Code Finder Project 1.0 - XSS
CVSS 3.5
CVE-2024-10191 LOW
PHPGurukul Boat Booking System 1.0 - XSS
CVSS 3.5
CVE-2024-10155 LOW
PHPGurukul Boat Booking System 1.0 - XSS
CVSS 3.5
CVE-2024-10142 LOW
code-projects Blood Bank System 1.0 - Cross-Site Scripting in /viewrequest.php
CVSS 3.5
CVE-2024-9897 MEDIUM
StreamWeasels Twitch Integration <= 1.8.6 - Authenticated Stored Cross-Site Scripting via sw-twitch-embed Shortcode
CVSS 6.4
CVE-2024-9219 MEDIUM
Social Share Buttons < 1.19 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9674 MEDIUM
Debrandify < 1.1.3 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-43300 MEDIUM
Movie Database <1.0.11 - Stored XSS
CVSS 5.9
CVE-2024-9425 MEDIUM
Advanced Category and Custom Taxonomy Image <= 1.0.9 - Stored XSS via ad_tax_image Shortcode
CVSS 6.4
CVE-2024-49241 MEDIUM
tady Tito tito <= 2.3 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-49240 HIGH
AB Categories Search Widget <= 0.2.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-49239 HIGH
Add Categories Post Footer < 2.2.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-49238 HIGH
ADIF Log Search Widget <= 1.0f - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-49236 MEDIUM
Crazy Call To Action Box <= 1.0.5 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-49234 MEDIUM
Plexx Elementor Extension <= 1.3.6 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-49233 MEDIUM
MadrasThemes MAS Elementor <= 1.1.6 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-49232 MEDIUM
El mejor Cluster <= 1.1.15 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-49231 MEDIUM
WordPress Video < 1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-49230 MEDIUM
Ajax Custom CSS/JS <= 2.0.4 - Reflected Cross-Site Scripting
CVSS 6.5
CVE-2024-49228 MEDIUM
bVerse Convert <= 1.3.7.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-49225 MEDIUM
wpPricing Builder <= 1.5.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-49224 HIGH
Mitm Bug Tracker <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-10057 MEDIUM
WordPress RSS Feed Widget <2.9.9 - XSS
CVSS 6.4
CVE-2024-47486 MEDIUM
HikCentral Master Lite < 2.3.0 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-10080 MEDIUM
WP Easy Post Types <= 1.4.4 - Authenticated Stored Cross-Site Scripting via Post Meta
CVSS 6.4
Details
Vulnerabilities 45,445
Exploit Likelihood High