CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,456 vulnerabilities with CWE-79
CVE-2024-9117
MEDIUM
Mapplic Lite < 1.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9115
MEDIUM
Common Tools for Site <= 1.0.2 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-8872
MEDIUM
Store Hours for WooCommerce < 4.3.20 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-8861
MEDIUM
ProfileGrid <= 5.9.3.2 - Authenticated Stored XSS via wp_kses_allowed_html Misconfiguration
CVSS 6.4
CVE-2024-6517
MEDIUM
Contact Form 7 Math Captcha <2.0.1 - XSS
CVSS 6.1
CVE-2024-45836
MEDIUM
PLANEX COMMUNICATIONS CS-QR Series Firmware - Stored Cross-Site Scripting via Web Management Page
CVSS 6.1
CVE-2024-8803
MEDIUM
Bulk NoIndex & NoFollow Toolkit <= 2.15 - Reflected Cross-Site Scripting via remove_query_arg
CVSS 6.1
CVE-2024-8723
MEDIUM
012 Ps Multi Languages plugin <1.7 - XSS
CVSS 6.4
CVE-2024-46655
MEDIUM
Ellevo 6.2.0.38160 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-20475
MEDIUM
Cisco Catalyst SD-WAN Manager - XSS
CVSS 6.4
CVE-2024-43959
HIGH
Themepoints Testimonials <3.0.8 - XSS
CVSS 7.1
CVE-2024-45613
MEDIUM
CKEditor 5 40.0.0-43.1.1 - Cross-Site Scripting via Clipboard Package with Block Toolbar
CVSS 6.1
CVE-2024-8546
MEDIUM
ElementsKit Elementor addons <3.2.7 - XSS
CVSS 6.4
CVE-2024-4657
CRITICAL
Talent Software BAP Automation <30840 - XSS
CVE-2024-8858
MEDIUM
Livemesh Addons by Elementor <= 8.5 - Authenticated Stored Cross-Site Scripting via Piechart Settings Parameter
CVSS 6.4
CVE-2024-9169
MEDIUM
LiteSpeed Cache <= 6.4.1 - Authenticated Stored Cross-Site Scripting via Debug Settings
CVSS 5.5
CVE-2024-47303
MEDIUM
Livemesh Addons for Elementor <8.5 - XSS
CVSS 6.5
CVE-2024-3866
MEDIUM
Ninja Forms < 3.8.16 - Reflected Cross-Site Scripting via Referer Header
CVSS 4.7
CVE-2024-7878
MEDIUM
WP ULike < 4.7.4 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-8668
MEDIUM
ShopLentor - WooCommerce Builder - XSS
CVSS 6.4
CVE-2024-8515
MEDIUM
Themesflat Addons For Elementor <2.2.1 - XSS
CVSS 6.4
CVE-2024-9073
MEDIUM
GutenGeek Free Gutenberg Blocks for WordPress <= 1.1.3 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9069
MEDIUM
Graphicsly < 1.0.2 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9068
MEDIUM
OneElements - Best Elementor Addons < 1.3.7 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9028
MEDIUM
WP GPX Maps <= 1.7.08 - Authenticated Stored Cross-Site Scripting via 'sgpx' Shortcode
CVSS 6.4
Details
Vulnerabilities
45,456
Exploit Likelihood
High