CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,456 vulnerabilities with CWE-79
CVE-2024-9027
MEDIUM
WPZOOM Shortcodes <= 1.0.5 - Authenticated Stored Cross-Site Scripting via Box Shortcode
CVSS 6.4
CVE-2024-9024
MEDIUM
Material Design Icons <= 0.0.5 - Authenticated Stored Cross-Site Scripting via mdi-icon Shortcode
CVSS 6.4
CVE-2024-8741
MEDIUM
Beam me up Scotty - WordPress <1.0.21 - XSS
CVSS 6.1
CVE-2024-8713
MEDIUM
Kodex Posts likes plugin - WordPress <2.5.0 - XSS
CVSS 6.1
CVE-2024-8549
MEDIUM
Simple Calendar - WordPress Plugin <3.4.2 - XSS
CVSS 6.1
CVE-2024-7617
HIGH
Contact Form to Any API <= 1.2.4 - Unauthenticated Stored Cross-Site Scripting via Contact Form 7 Fields
CVSS 7.2
CVE-2024-9148
CRITICAL
Flowise < 2.1.1 - Stored Cross-Site Scripting in Chat Embed
CVSS 9.6
CVE-2024-9141
MEDIUM
Oct8ne - Stored Cross-Site Scripting via Chat Message Body
CVSS 5.4
CVE-2024-8942
MEDIUM
Scriptcase 9.4.019 - Cross-Site Scripting via id_form_msg_title Parameter
CVSS 6.3
CVE-2024-8919
MEDIUM
Confetti Fall Animation <= 1.3.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-8917
MEDIUM
AnWP Football Leagues <= 0.16.7 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-8914
HIGH
Wordpress Thanh Toan Quet MA QR Code TU Dong < 2.0.1 - XSS
CVSS 7.2
CVE-2024-8291
MEDIUM
Concrete CMS <9.3.3 & <8.5.19 - Stored XSS
CVSS 4.8
CVE-2024-8267
MEDIUM
Radio Player < 2.0.78 - Authenticated Stored XSS via Gutenberg Block Align Attribute
CVSS 6.4
CVE-2024-8103
MEDIUM
WP Category Dropdown < 1.8 - Authenticated Stored Cross-Site Scripting via Align Parameter
CVSS 6.4
CVE-2024-7398
MEDIUM
Concrete CMS < 8.5.19 and 9.0.0-9.3.3 - Stored Cross-Site Scripting in Calendar Event Name
CVSS 5.4
CVE-2024-47048
MEDIUM
Rocket.Chat < 6.7.9 - Stored Cross-Site Scripting in Marketplace App Description and Release Notes
CVSS 5.4
CVE-2024-46934
MEDIUM
Rocket.Chat < 6.7.9 - DOM-based Cross-Site Scripting via UpdateOTRAck Method
CVSS 6.1
CVE-2024-41725
HIGH
ProGauge MAGLINK LX CONSOLE Firmware < 3.4.2.2.6 and MAGLINK LX4 CONSOLE Firmware < 4.17.9e - Cross-Site Scripting
CVSS 8.8
CVE-2024-8628
MEDIUM
MailOptin < 1.2.70.3 - Authenticated Stored Cross-Site Scripting via Post-Meta Shortcode
CVSS 5.4
CVE-2024-8738
MEDIUM
Seriously Simple Stats <1.6.0 - XSS
CVSS 6.1
CVE-2024-8716
MEDIUM
WooCommerce XT Ajax Add To Cart <1.1.2 - XSS
CVSS 6.1
CVE-2024-8662
MEDIUM
Koko Analytics <= 1.3.12 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-8657
MEDIUM
Garden Gnome Package <= 2.2.9 - Authenticated Stored Cross-Site Scripting via ggpkg Shortcode
CVSS 6.4
CVE-2024-8544
MEDIUM
Pixel Cat Conversion Pixel Manager <3.0.5 - XSS
CVSS 6.1
Details
Vulnerabilities
45,456
Exploit Likelihood
High