CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,456 vulnerabilities with CWE-79
CVE-2024-8499 MEDIUM
WooCommerce Checkout Manager <2.0.3 - XSS
CVSS 4.7
CVE-2024-9271 MEDIUM
RE < 1.0.2 - Cross-Site Scripting
CVSS 6.4
CVE-2024-9071 MEDIUM
Easy Demo Importer < 1.1.3 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9435 MEDIUM
ShiftController Employee Shift Scheduling <= 4.9.66 - Reflected Cross-Site Scripting via URL Keys
CVSS 6.1
CVE-2024-9306 MEDIUM
WP Booking Calendar <= 10.6 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2024-9242 MEDIUM
Memberful - Membership Plugin <= 1.73.7 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-8804 MEDIUM
Code Embed < 2.4 - Authenticated Stored Cross-Site Scripting via Script Embed Functionality
CVSS 6.4
CVE-2024-47854 MEDIUM
Veritas Data Insight < 7.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-9445 MEDIUM
Display Medium Posts <= 5.0.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-9421 MEDIUM
Login Logout Shortcode <= 1.1.0 - Authenticated Stored Cross-Site Scripting via Class Parameter
CVSS 6.4
CVE-2024-9384 MEDIUM
WooCommerce Quantity Dynamic Pricing & Bulk Discounts <= 3.8.0 - Unauthenticated Reflected XSS
CVSS 6.1
CVE-2024-9375 MEDIUM
WordPress Captcha Plugin by Captcha Bank <= 4.0.36 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9372 MEDIUM
WP Blocks Hub <= 1.0.2 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9368 MEDIUM
Aggregator Advanced Settings < 1.2.1 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9353 MEDIUM
Popularis Extra <= 1.2.6 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg and remove_query_arg
CVSS 6.1
CVE-2024-9349 MEDIUM
Auto Amazon Links <= 5.4.2 - Unauthenticated Reflected XSS via add_query_arg
CVSS 6.1
CVE-2024-9345 MEDIUM
Product Delivery Date for WooCommerce - Lite <= 2.7.3 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9237 MEDIUM
Fish and Ships < 1.5.9 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9204 MEDIUM
Smart Custom 404 Error Page <= 11.4.7 - Unauthenticated Reflected Cross-Site Scripting via REQUEST_URI
CVSS 6.1
CVE-2024-8802 MEDIUM
Clio Grow < 1.0.2 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-8519 MEDIUM
Ultimate Member < 2.8.7 - Authenticated Stored Cross-Site Scripting via um_loggedin Shortcode
CVSS 6.4
CVE-2024-41591 MEDIUM
DrayTek Vigor3910 < 4.3.2.6 - Unauthenticated DOM-based Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-41587 MEDIUM
DrayTek Vigor310 Firmware < 4.3.2.6 - Authenticated Stored Cross-Site Scripting in Login Page Greeting
CVSS 5.4
CVE-2024-41584 MEDIUM
DrayTek Vigor3910 Firmware <= 4.3.2.6 - Authenticated Reflected Cross-Site Scripting via sFormAuthStr Parameter
CVSS 4.7
CVE-2024-41583 MEDIUM
DrayTek Vigor3910 Firmware < 4.3.2.6 - Authenticated Stored Cross-Site Scripting via Router Name
CVSS 4.7
Details
Vulnerabilities 45,456
Exploit Likelihood High