CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,445 vulnerabilities with CWE-79
CVE-2024-43997 HIGH
EasyJobs < 2.4.14 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-49397 CRITICAL
Elvaco M-Bus Metering Gateway CMe3100 >=1.12.1 <1.12.1 - Cross-Site Scripting
CVE-2024-9414 HIGH
LAquis SCADA 4.7.1.511 - Stored Cross-Site Scripting
CVE-2024-48046 MEDIUM
Supsystic Contact Form <1.7.28 - XSS
CVSS 5.9
CVE-2024-48036 MEDIUM
SKT Blocks <= 1.6 - Cross-Site Scripting
CVSS 6.5
CVE-2024-48032 HIGH
Featured Posts with Multiple Custom Groups (FPMCG) <= 4.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-48025 MEDIUM
DOGROW.NET Simple Baseball Scoreboard - XSS
CVSS 6.5
CVE-2024-48023 HIGH
RestaurantConnect, Inc Restaurant Reservations Widget - XSS
CVSS 7.1
CVE-2024-48022 MEDIUM
SysBasics Shortcode For Elementor Templates <1.0.0 - XSS
CVSS 6.5
CVE-2024-48021 HIGH
Contact Form 7 - PayPal & Stripe Add-on <2.3 - XSS
CVSS 7.1
CVE-2024-49320 HIGH
Dennis Hoppe Encyclopedia <1.7.60 - XSS
CVSS 7.1
CVE-2024-9898 MEDIUM
Parallax Image <= 1.8 - Authenticated Stored Cross-Site Scripting via dd-parallax Shortcode
CVSS 6.4
CVE-2024-9184 HIGH
SendPulse Free Web Push <1.3.6 - XSS
CVSS 7.2
CVE-2024-8920 MEDIUM
Fonto Custom Web Fonts Manager <1.2.1 - XSS
CVSS 6.4
CVE-2024-49392 MEDIUM
Acronis Cyber Files <9.0.0x24 - XSS
CVSS 4.8
CVE-2024-9951 MEDIUM
WP Photo Album Plus <8.8.05.003 - XSS
CVSS 6.1
CVE-2024-9213 MEDIUM
Persian WooCommerce SMS <7.0.2 - XSS
CVSS 6.1
CVE-2024-5429 HIGH
Logo Slider WordPress Plugin < 4.1.0 - Stored Cross-Site Scripting in Slider Settings
CVSS 7.6
CVE-2024-9347 MEDIUM
WP Extended <= 3.0.9 - Unauthenticated Reflected XSS via wpext-export
CVSS 6.1
CVE-2024-8719 MEDIUM
Flexmls IDX Plugin <= 3.14.22 - Unauthenticated Reflected Cross-Site Scripting via MaxBeds and MinBeds Parameters
CVSS 6.1
CVE-2024-49593 MEDIUM
Advanced Custom Fields < 6.3.9 - Stored Cross-Site Scripting in Field Group Editor
CVSS 5.3
CVE-2024-9940 MEDIUM
Calculated Fields Form <5.2.45 - XSS
CVSS 5.3
CVE-2024-9240 MEDIUM
ReDi Restaurant Reservation <24.0902 - XSS
CVSS 6.1
CVE-2024-47836 LOW
admidio < 4.3.12 - Unauthenticated Remote Code Execution via Unsafe Deserialization
CVSS 3.5
CVE-2024-46606 MEDIUM
Piwigo < 14.5.0 - Stored Cross-Site Scripting via Photo Description Field
CVSS 5.4
Details
Vulnerabilities 45,445
Exploit Likelihood High