CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,450 vulnerabilities with CWE-79
CVE-2024-9704
MEDIUM
Social Sharing (by Danny) <= 1.3.7 - Authenticated Stored Cross-Site Scripting via dvk_social_sharing Shortcode
CVSS 6.4
CVE-2024-9776
MEDIUM
ImagePress - Image Gallery <= 1.2.2 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2024-9670
MEDIUM
2D Tag Cloud < 6.0.2 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9656
MEDIUM
Mynx Page Builder <= 0.27.8 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-7489
MEDIUM
Forms for Mailchimp by Optin Cat - Grow Your MailChimp List plugin ...
CVSS 4.4
CVE-2024-48937
MEDIUM
Znuny 6.0.0-6.0.10 and 7.0.1-7.0.16 - Stored Cross-Site Scripting in SLA Field Short Description
CVSS 6.1
CVE-2024-48041
MEDIUM
CM Tooltip Glossary <= 4.3.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-44731
MEDIUM
Mirotalk - DOM-based Cross-Site Scripting via RTC Message Payload
CVSS 4.7
CVE-2024-47875
CRITICAL
DOMPurify < 2.5.0 - Cross-Site Scripting via Nesting-Based mXSS
CVSS 10.0
CVE-2024-9856
LOW
07flycms 1.3.8 - Cross-Site Scripting via Login Interface Copyright Parameter
CVSS 2.4
CVE-2024-9616
MEDIUM
BlockMeister - WordPress <3.1.10 - XSS
CVSS 6.1
CVE-2024-9611
MEDIUM
File Upload & Execution Time Limit <= 2.0 - Reflected XSS via add_query_arg
CVSS 6.1
CVE-2024-9610
MEDIUM
Language Switcher <= 3.7.13 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9543
MEDIUM
PowerPress Podcasting <11.9.18 - XSS
CVSS 6.4
CVE-2024-9436
MEDIUM
PublishPress Revisions: Duplicate Posts <3.5.14 - XSS
CVSS 6.1
CVE-2024-9346
MEDIUM
Embed videos and respect privacy <= 1.2 - Unauthenticated Reflected Cross-Site Scripting via 'v' Parameter
CVSS 6.1
CVE-2024-9232
MEDIUM
Download Plugins and Themes in ZIP from Dashboard <= 1.9.1 - Unauthenticated XSS via add_query_arg
CVSS 6.1
CVE-2024-9221
MEDIUM
Tainacan <= 0.21.10 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9211
MEDIUM
FULL - Cliente plugin <3.1.22 - XSS
CVSS 6.1
CVE-2024-9051
MEDIUM
WP Ultimate Post Grid <= 3.9.3 - Authenticated Stored Cross-Site Scripting via wpupg-grid-with-filters Shortcode
CVSS 6.4
CVE-2024-47872
MEDIUM
gradio < 5.0.0 - Stored Cross-Site Scripting via File Upload
CVSS 5.4
CVE-2024-9810
LOW
Record Management System 1.0 - Cross-Site Scripting via sort2_user.php Qualification Parameter
CVSS 3.5
CVE-2024-9807
LOW
classroombookings 2.8.7 - Cross-Site Scripting in Session Page via Name Argument
CVSS 2.4
CVE-2024-9806
LOW
Classroombookings <= 2.8.6 - Cross-Site Scripting via Room Page Name Field
CVSS 3.5
CVE-2024-9805
LOW
code-projects Blood Bank System 1.0 - Cross-Site Scripting via Camps Details Page Parameter
CVSS 3.5
Details
Vulnerabilities
45,450
Exploit Likelihood
High