CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,461 vulnerabilities with CWE-79
CVE-2024-8732 MEDIUM
Roles & Capabilities - WordPress <1.1.9 - XSS
CVSS 6.1
CVE-2024-8731 MEDIUM
Cron Jobs <= 1.2.9 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-8730 MEDIUM
Exit Notifier plugin - WordPress <1.9.1 - XSS
CVSS 6.1
CVE-2024-8714 MEDIUM
SliceWP Affiliate Program Suite <= 1.1.20 - Unauthenticated Reflected Cross-Site Scripting via remove_query_arg
CVSS 6.1
CVE-2024-5884 MEDIUM
Beauty < 1.1.4 - Authenticated Stored Cross-Site Scripting via tpl_featured_cat_id Parameter
CVSS 6.4
CVE-2024-5870 MEDIUM
Tweaker5 <= 1.2 - Authenticated Stored Cross-Site Scripting via Button Shortcode URL Parameter
CVSS 6.4
CVE-2024-5869 MEDIUM
Neighborly < 1.4 - Authenticated Stored Cross-Site Scripting via Button Shortcode URL Parameter
CVSS 6.4
CVE-2024-5867 MEDIUM
Delicate < 3.5.5 - Authenticated Stored Cross-Site Scripting via Button Shortcode Link Parameter
CVSS 6.4
CVE-2024-5789 MEDIUM
Triton Lite < 1.3 - Authenticated Stored Cross-Site Scripting via Button Shortcode URL Attribute
CVSS 6.4
CVE-2024-8742 MEDIUM
Essential Addons for Elementor <6.0.3 - XSS
CVSS 6.4
CVE-2024-8665 MEDIUM
YITH Custom Login <= 1.7.3 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-8664 MEDIUM
WP Test Email <= 1.1.7 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-8663 MEDIUM
WP Simple Booking Calendar <2.0.10 - XSS
CVSS 6.1
CVE-2024-5567 MEDIUM
Betheme < 27.5.5 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-7133 MEDIUM
premio/my_sticky_bar < 2.7.3 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-6850 MEDIUM
Carousel Slider < 2.2.4 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-6617 MEDIUM
NinjaTeam Header Footer Custom Code <1.2 - XSS
CVSS 4.8
CVE-2024-6493 MEDIUM
NinjaTeam Header Footer Custom Code WordPress <1.2 - XSS
CVSS 4.8
CVE-2024-5628 MEDIUM
Avada | Website Builder For WordPress & eCommerce <3.11.9 - XSS
CVSS 6.4
CVE-2024-8656 MEDIUM
WPFactory Helper <= 1.7.0 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-45303 MEDIUM
Discourse Calendar < 0.5 - Cross-Site Scripting in Event Name Rendering
CVSS 6.1
CVE-2024-34335 MEDIUM
ordat.erp < 2.24.01 - Reflected Cross-Site Scripting via Login Page
CVSS 6.1
CVE-2024-8696 CRITICAL
Docker Desktop < 4.34.2 - Remote Code Execution via Malicious Extension Publisher URL
CVSS 9.8
CVE-2024-8695 CRITICAL
Docker Desktop < 4.34.2 - Remote Code Execution via Crafted Extension Description/Changelog
CVSS 9.8
CVE-2024-6702 MEDIUM
Pega Infinity 8.1-24.1.2 - HTML Injection in Stage
CVSS 5.2
Details
Vulnerabilities 45,461
Exploit Likelihood High