CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,450 vulnerabilities with CWE-79
CVE-2024-9704 MEDIUM
Social Sharing (by Danny) <= 1.3.7 - Authenticated Stored Cross-Site Scripting via dvk_social_sharing Shortcode
CVSS 6.4
CVE-2024-9776 MEDIUM
ImagePress - Image Gallery <= 1.2.2 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2024-9670 MEDIUM
2D Tag Cloud < 6.0.2 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9656 MEDIUM
Mynx Page Builder <= 0.27.8 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-7489 MEDIUM
Forms for Mailchimp by Optin Cat - Grow Your MailChimp List plugin ...
CVSS 4.4
CVE-2024-48937 MEDIUM
Znuny 6.0.0-6.0.10 and 7.0.1-7.0.16 - Stored Cross-Site Scripting in SLA Field Short Description
CVSS 6.1
CVE-2024-48041 MEDIUM
CM Tooltip Glossary <= 4.3.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-44731 MEDIUM
Mirotalk - DOM-based Cross-Site Scripting via RTC Message Payload
CVSS 4.7
CVE-2024-47875 CRITICAL
DOMPurify < 2.5.0 - Cross-Site Scripting via Nesting-Based mXSS
CVSS 10.0
CVE-2024-9856 LOW
07flycms 1.3.8 - Cross-Site Scripting via Login Interface Copyright Parameter
CVSS 2.4
CVE-2024-9616 MEDIUM
BlockMeister - WordPress <3.1.10 - XSS
CVSS 6.1
CVE-2024-9611 MEDIUM
File Upload & Execution Time Limit <= 2.0 - Reflected XSS via add_query_arg
CVSS 6.1
CVE-2024-9610 MEDIUM
Language Switcher <= 3.7.13 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9543 MEDIUM
PowerPress Podcasting <11.9.18 - XSS
CVSS 6.4
CVE-2024-9436 MEDIUM
PublishPress Revisions: Duplicate Posts <3.5.14 - XSS
CVSS 6.1
CVE-2024-9346 MEDIUM
Embed videos and respect privacy <= 1.2 - Unauthenticated Reflected Cross-Site Scripting via 'v' Parameter
CVSS 6.1
CVE-2024-9232 MEDIUM
Download Plugins and Themes in ZIP from Dashboard <= 1.9.1 - Unauthenticated XSS via add_query_arg
CVSS 6.1
CVE-2024-9221 MEDIUM
Tainacan <= 0.21.10 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9211 MEDIUM
FULL - Cliente plugin <3.1.22 - XSS
CVSS 6.1
CVE-2024-9051 MEDIUM
WP Ultimate Post Grid <= 3.9.3 - Authenticated Stored Cross-Site Scripting via wpupg-grid-with-filters Shortcode
CVSS 6.4
CVE-2024-47872 MEDIUM
gradio < 5.0.0 - Stored Cross-Site Scripting via File Upload
CVSS 5.4
CVE-2024-9810 LOW
Record Management System 1.0 - Cross-Site Scripting via sort2_user.php Qualification Parameter
CVSS 3.5
CVE-2024-9807 LOW
classroombookings 2.8.7 - Cross-Site Scripting in Session Page via Name Argument
CVSS 2.4
CVE-2024-9806 LOW
Classroombookings <= 2.8.6 - Cross-Site Scripting via Room Page Name Field
CVSS 3.5
CVE-2024-9805 LOW
code-projects Blood Bank System 1.0 - Cross-Site Scripting via Camps Details Page Parameter
CVSS 3.5
Details
Vulnerabilities 45,450
Exploit Likelihood High