CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,456 vulnerabilities with CWE-79
CVE-2024-9117 MEDIUM
Mapplic Lite < 1.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9115 MEDIUM
Common Tools for Site <= 1.0.2 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-8872 MEDIUM
Store Hours for WooCommerce < 4.3.20 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-8861 MEDIUM
ProfileGrid <= 5.9.3.2 - Authenticated Stored XSS via wp_kses_allowed_html Misconfiguration
CVSS 6.4
CVE-2024-6517 MEDIUM
Contact Form 7 Math Captcha <2.0.1 - XSS
CVSS 6.1
CVE-2024-45836 MEDIUM
PLANEX COMMUNICATIONS CS-QR Series Firmware - Stored Cross-Site Scripting via Web Management Page
CVSS 6.1
CVE-2024-8803 MEDIUM
Bulk NoIndex & NoFollow Toolkit <= 2.15 - Reflected Cross-Site Scripting via remove_query_arg
CVSS 6.1
CVE-2024-8723 MEDIUM
012 Ps Multi Languages plugin <1.7 - XSS
CVSS 6.4
CVE-2024-46655 MEDIUM
Ellevo 6.2.0.38160 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-20475 MEDIUM
Cisco Catalyst SD-WAN Manager - XSS
CVSS 6.4
CVE-2024-43959 HIGH
Themepoints Testimonials <3.0.8 - XSS
CVSS 7.1
CVE-2024-45613 MEDIUM
CKEditor 5 40.0.0-43.1.1 - Cross-Site Scripting via Clipboard Package with Block Toolbar
CVSS 6.1
CVE-2024-8546 MEDIUM
ElementsKit Elementor addons <3.2.7 - XSS
CVSS 6.4
CVE-2024-4657 CRITICAL
Talent Software BAP Automation <30840 - XSS
CVE-2024-8858 MEDIUM
Livemesh Addons by Elementor <= 8.5 - Authenticated Stored Cross-Site Scripting via Piechart Settings Parameter
CVSS 6.4
CVE-2024-9169 MEDIUM
LiteSpeed Cache <= 6.4.1 - Authenticated Stored Cross-Site Scripting via Debug Settings
CVSS 5.5
CVE-2024-47303 MEDIUM
Livemesh Addons for Elementor <8.5 - XSS
CVSS 6.5
CVE-2024-3866 MEDIUM
Ninja Forms < 3.8.16 - Reflected Cross-Site Scripting via Referer Header
CVSS 4.7
CVE-2024-7878 MEDIUM
WP ULike < 4.7.4 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-8668 MEDIUM
ShopLentor - WooCommerce Builder - XSS
CVSS 6.4
CVE-2024-8515 MEDIUM
Themesflat Addons For Elementor <2.2.1 - XSS
CVSS 6.4
CVE-2024-9073 MEDIUM
GutenGeek Free Gutenberg Blocks for WordPress <= 1.1.3 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9069 MEDIUM
Graphicsly < 1.0.2 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9068 MEDIUM
OneElements - Best Elementor Addons < 1.3.7 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9028 MEDIUM
WP GPX Maps <= 1.7.08 - Authenticated Stored Cross-Site Scripting via 'sgpx' Shortcode
CVSS 6.4
Details
Vulnerabilities 45,456
Exploit Likelihood High