CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,456 vulnerabilities with CWE-79
CVE-2024-9274
MEDIUM
Elastik Page Builder <= 0.27.4 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9272
MEDIUM
R Animated Icon Plugin <= 1.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9269
MEDIUM
Relogo <= 0.4.2 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9267
MEDIUM
Easy WordPress Subscribe - Optin Hound <1.4.3 - XSS
CVSS 6.1
CVE-2024-9119
MEDIUM
SVG Complete <= 1.0.2 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-8990
MEDIUM
Geo Mashup <= 1.13.13 - Authenticated Stored Cross-Site Scripting via geo_mashup_visible_posts_list Shortcode
CVSS 6.4
CVE-2024-8989
MEDIUM
Free Responsive Testimonials <= 3.3.1 - Authenticated Stored XSS via stars_testimonials Shortcode
CVSS 6.4
CVE-2024-8728
MEDIUM
Easy Load More <= 1.0.3 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-8727
MEDIUM
DK PDF plugin - WordPress <1.9.6 - XSS
CVSS 6.1
CVE-2024-8720
MEDIUM
RumbleTalk Live Group Chat - WordPress <6.3.0 - XSS
CVSS 6.4
CVE-2024-8718
MEDIUM
Gravity Forms Toolbar <= 1.7.0 - Unauthenticated Reflected Cross-Site Scripting via Tab Parameter
CVSS 6.1
CVE-2024-7869
HIGH
123.chat - Video Chat plugin for WordPress <1.3.1 - XSS
CVSS 7.2
CVE-2024-8107
MEDIUM
Slider Revolution <= 6.7.18 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-47396
MEDIUM
Move Addons for Elementor <1.3.3 - XSS
CVSS 6.5
CVE-2024-45073
MEDIUM
IBM WebSphere App Server <9.0 - XSS
CVSS 4.8
CVE-2024-9158
HIGH
Nessus Network Monitor < 6.5.0 - Authenticated Stored Cross-Site Scripting via Local CLI
CVSS 8.4
CVE-2024-47536
MEDIUM
starcitizen.tools/citizen < 2.31.0 - Stored Cross-Site Scripting via Real Name Field
CVSS 5.4
CVE-2024-47067
MEDIUM
AList < 3.29.0 - Reflected Cross-Site Scripting via /i/:link_name Endpoint
CVSS 6.1
CVE-2024-46475
MEDIUM
Metronic Admin Dashboard Template v2.0 - XSS
CVSS 4.8
CVE-2024-47064
MEDIUM
CVAT 2.16.0-2.18.9 - Cross-Site Request Forgery via Malicious URL
CVSS 6.1
CVE-2024-47063
MEDIUM
CVAT 2.4.7-2.18.9 - Cross-Site Scripting via Malicious Task URL
CVSS 6.1
CVE-2024-47641
MEDIUM
WPDeveloperr Confetti Fall Animation <1.3.0 - XSS
CVSS 6.5
CVE-2024-45920
MEDIUM
Solvait 24.4.2 - Stored Cross-Site Scripting in Interest Feature
CVSS 5.4
CVE-2024-8457
MEDIUM
PLANET Technology - Web App - Authenticated XSS
CVSS 4.8
CVE-2024-8536
MEDIUM
Ultimate Blocks < 3.2.2 - Stored Cross-Site Scripting via Block Attributes
CVSS 5.4
Details
Vulnerabilities
45,456
Exploit Likelihood
High