CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,456 vulnerabilities with CWE-79
CVE-2024-9274 MEDIUM
Elastik Page Builder <= 0.27.4 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9272 MEDIUM
R Animated Icon Plugin <= 1.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9269 MEDIUM
Relogo <= 0.4.2 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9267 MEDIUM
Easy WordPress Subscribe - Optin Hound <1.4.3 - XSS
CVSS 6.1
CVE-2024-9119 MEDIUM
SVG Complete <= 1.0.2 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-8990 MEDIUM
Geo Mashup <= 1.13.13 - Authenticated Stored Cross-Site Scripting via geo_mashup_visible_posts_list Shortcode
CVSS 6.4
CVE-2024-8989 MEDIUM
Free Responsive Testimonials <= 3.3.1 - Authenticated Stored XSS via stars_testimonials Shortcode
CVSS 6.4
CVE-2024-8728 MEDIUM
Easy Load More <= 1.0.3 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-8727 MEDIUM
DK PDF plugin - WordPress <1.9.6 - XSS
CVSS 6.1
CVE-2024-8720 MEDIUM
RumbleTalk Live Group Chat - WordPress <6.3.0 - XSS
CVSS 6.4
CVE-2024-8718 MEDIUM
Gravity Forms Toolbar <= 1.7.0 - Unauthenticated Reflected Cross-Site Scripting via Tab Parameter
CVSS 6.1
CVE-2024-7869 HIGH
123.chat - Video Chat plugin for WordPress <1.3.1 - XSS
CVSS 7.2
CVE-2024-8107 MEDIUM
Slider Revolution <= 6.7.18 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-47396 MEDIUM
Move Addons for Elementor <1.3.3 - XSS
CVSS 6.5
CVE-2024-45073 MEDIUM
IBM WebSphere App Server <9.0 - XSS
CVSS 4.8
CVE-2024-9158 HIGH
Nessus Network Monitor < 6.5.0 - Authenticated Stored Cross-Site Scripting via Local CLI
CVSS 8.4
CVE-2024-47536 MEDIUM
starcitizen.tools/citizen < 2.31.0 - Stored Cross-Site Scripting via Real Name Field
CVSS 5.4
CVE-2024-47067 MEDIUM
AList < 3.29.0 - Reflected Cross-Site Scripting via /i/:link_name Endpoint
CVSS 6.1
CVE-2024-46475 MEDIUM
Metronic Admin Dashboard Template v2.0 - XSS
CVSS 4.8
CVE-2024-47064 MEDIUM
CVAT 2.16.0-2.18.9 - Cross-Site Request Forgery via Malicious URL
CVSS 6.1
CVE-2024-47063 MEDIUM
CVAT 2.4.7-2.18.9 - Cross-Site Scripting via Malicious Task URL
CVSS 6.1
CVE-2024-47641 MEDIUM
WPDeveloperr Confetti Fall Animation <1.3.0 - XSS
CVSS 6.5
CVE-2024-45920 MEDIUM
Solvait 24.4.2 - Stored Cross-Site Scripting in Interest Feature
CVSS 5.4
CVE-2024-8457 MEDIUM
PLANET Technology - Web App - Authenticated XSS
CVSS 4.8
CVE-2024-8536 MEDIUM
Ultimate Blocks < 3.2.2 - Stored Cross-Site Scripting via Block Attributes
CVSS 5.4
Details
Vulnerabilities 45,456
Exploit Likelihood High