CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,461 vulnerabilities with CWE-79
CVE-2024-44057 MEDIUM
CryoutCreations Nirvana < 1.6.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-44056 MEDIUM
CryoutCreations Mantra < 3.3.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-44054 MEDIUM
CryoutCreations Fluida <= 1.8.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-44053 HIGH
Mohammad Arif Opor Ayam < 1.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-45460 MEDIUM
Flipping Cards <= 1.30 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-45459 HIGH
Product Slider for WooCommerce <= 1.13.50 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-45458 HIGH
Spiffy Calendar <= 4.9.13 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-45457 MEDIUM
Spiffy Calendar <= 4.9.13 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-45456 MEDIUM
JoomUnited WP Meta SEO <4.5.13 - XSS
CVSS 6.5
CVE-2024-45455 MEDIUM
JoomUnited WP Meta SEO <4.5.13 - XSS
CVSS 5.9
CVE-2024-44063 MEDIUM
Happyforms <= 1.26.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-44062 MEDIUM
Custom Field Template <= 2.6.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-44060 HIGH
Filmix < 1.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-8867 LOW
Perfex CRM 3.1.6 - Stored Cross-Site Scripting in Parameter Handler
CVSS 3.5
CVE-2024-8866 MEDIUM
AutoCMS 5.4 - Cross-Site Scripting via Sidebar Parameter in Robot.php
CVSS 4.3
CVE-2024-8863 LOW
aimstack aim < 3.24.0 - Stored Cross-Site Scripting in Text Explorer via dangerouslySetInnerHTML
CVSS 3.5
CVE-2024-8797 MEDIUM
WP Booking System - WordPress <2.0.19.8 - XSS
CVSS 6.1
CVE-2024-8724 MEDIUM
Waitlist Woocommerce < 2.7.5 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-8783 LOW
OpenTibiaBR MyAAC <= 0.8.16 - Cross-Site Scripting via Post Reply Handler
CVSS 3.5
CVE-2024-39926 MEDIUM
Vaultwarden 1.30.3 - Authenticated Stored Cross-Site Scripting in Admin Dashboard
CVSS 5.4
CVE-2024-31414 MEDIUM
Eaton Foreseer Electrical Power Monitoring System < 7.8.600 - Stored Cross-Site Scripting in Dashboard Customization
CVSS 6.7
CVE-2024-44798 MEDIUM
phpgurukul Bus Pass Mgmt <1.0 - XSS
CVSS 4.8
CVE-2024-8747 MEDIUM
Email Obfuscate Shortcode <2.0 - XSS
CVSS 6.4
CVE-2024-8737 MEDIUM
WordPress PDF Thumbnail Generator <1.4 - XSS
CVSS 6.1
CVE-2024-8734 MEDIUM
Lucas String Replace <= 2.0.5 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
Details
Vulnerabilities 45,461
Exploit Likelihood High