CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,456 vulnerabilities with CWE-79
CVE-2024-8499
MEDIUM
WooCommerce Checkout Manager <2.0.3 - XSS
CVSS 4.7
CVE-2024-9271
MEDIUM
RE < 1.0.2 - Cross-Site Scripting
CVSS 6.4
CVE-2024-9071
MEDIUM
Easy Demo Importer < 1.1.3 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9435
MEDIUM
ShiftController Employee Shift Scheduling <= 4.9.66 - Reflected Cross-Site Scripting via URL Keys
CVSS 6.1
CVE-2024-9306
MEDIUM
WP Booking Calendar <= 10.6 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2024-9242
MEDIUM
Memberful - Membership Plugin <= 1.73.7 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-8804
MEDIUM
Code Embed < 2.4 - Authenticated Stored Cross-Site Scripting via Script Embed Functionality
CVSS 6.4
CVE-2024-47854
MEDIUM
Veritas Data Insight < 7.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-9445
MEDIUM
Display Medium Posts <= 5.0.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-9421
MEDIUM
Login Logout Shortcode <= 1.1.0 - Authenticated Stored Cross-Site Scripting via Class Parameter
CVSS 6.4
CVE-2024-9384
MEDIUM
WooCommerce Quantity Dynamic Pricing & Bulk Discounts <= 3.8.0 - Unauthenticated Reflected XSS
CVSS 6.1
CVE-2024-9375
MEDIUM
WordPress Captcha Plugin by Captcha Bank <= 4.0.36 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9372
MEDIUM
WP Blocks Hub <= 1.0.2 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9368
MEDIUM
Aggregator Advanced Settings < 1.2.1 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9353
MEDIUM
Popularis Extra <= 1.2.6 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg and remove_query_arg
CVSS 6.1
CVE-2024-9349
MEDIUM
Auto Amazon Links <= 5.4.2 - Unauthenticated Reflected XSS via add_query_arg
CVSS 6.1
CVE-2024-9345
MEDIUM
Product Delivery Date for WooCommerce - Lite <= 2.7.3 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9237
MEDIUM
Fish and Ships < 1.5.9 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9204
MEDIUM
Smart Custom 404 Error Page <= 11.4.7 - Unauthenticated Reflected Cross-Site Scripting via REQUEST_URI
CVSS 6.1
CVE-2024-8802
MEDIUM
Clio Grow < 1.0.2 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-8519
MEDIUM
Ultimate Member < 2.8.7 - Authenticated Stored Cross-Site Scripting via um_loggedin Shortcode
CVSS 6.4
CVE-2024-41591
MEDIUM
DrayTek Vigor3910 < 4.3.2.6 - Unauthenticated DOM-based Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-41587
MEDIUM
DrayTek Vigor310 Firmware < 4.3.2.6 - Authenticated Stored Cross-Site Scripting in Login Page Greeting
CVSS 5.4
CVE-2024-41584
MEDIUM
DrayTek Vigor3910 Firmware <= 4.3.2.6 - Authenticated Reflected Cross-Site Scripting via sFormAuthStr Parameter
CVSS 4.7
CVE-2024-41583
MEDIUM
DrayTek Vigor3910 Firmware < 4.3.2.6 - Authenticated Stored Cross-Site Scripting via Router Name
CVSS 4.7
Details
Vulnerabilities
45,456
Exploit Likelihood
High