CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,468 vulnerabilities with CWE-79
CVE-2024-44779 CRITICAL
vtiger CRM 7.4.0 - Reflected Cross-Site Scripting via Viewname Parameter
CVSS 9.6
CVE-2024-44778 CRITICAL
vtiger CRM 7.4.0 - Reflected Cross-Site Scripting via Parent Parameter
CVSS 9.6
CVE-2024-44777 CRITICAL
vtiger CRM 7.4.0 - Reflected Cross-Site Scripting via Tag Parameter
CVSS 9.6
CVE-2024-44717 MEDIUM
DedeBIZ 6.3.0 - Cross-Site Scripting
CVSS 6.1
CVE-2024-44716 MEDIUM
DedeBIZ 6.3.0 - Cross-Site Scripting
CVSS 6.1
CVE-2024-43964 MEDIUM
DSGVO All in one for WP < 4.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-43963 HIGH
WaspThemes YellowPencil Visual CSS Style Editor <= 7.6.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-43961 MEDIUM
azurecurve Toggle Show/Hide <= 2.1.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-43960 MEDIUM
Web and WooCommerce Addons for WPBakery Builder <= 1.4.6 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-43958 HIGH
Gianni Porto IntoTheDark < 1.0.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-43953 MEDIUM
Classic Addons - WPBakery Page Builder <= 3.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-43952 MEDIUM
CryoutCreations Esotera <= 1.2.5.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-43951 MEDIUM
CryoutCreations Tempera <= 1.8.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-43950 HIGH
Nextbricks Bricksore < 1.4.2.5 - XSS
CVSS 7.1
CVE-2024-43949 MEDIUM
Automattic GHActivity <= 2.0.0-alpha - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-43948 HIGH
Dinesh Karki WP Armour Extended <= 1.26 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-43946 MEDIUM
SKT Blocks < 1.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-43936 MEDIUM
WPDeveloper EmbedPress <= 4.0.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-43935 MEDIUM
WP Delicious Delicious Recipes - WordPress Recipe Plugin <= 1.6.7 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-43934 MEDIUM
Collapsing Archives <= 3.0.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-43926 HIGH
Beaver Builder < 2.8.3.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-45045 MEDIUM
Collabora Online < 24.04.6.2 - Cross-Site Scripting via URL-Encoded Link Values
CVSS 6.3
CVE-2024-44919 MEDIUM
SeaCMS 12.9 - Stored Cross-Site Scripting in admin_ads.php via Ad Description Parameter
CVSS 5.4
CVE-2024-1056 MEDIUM
FunnelKit Funnel Builder Pro <= 3.4.5 - Authenticated Stored XSS via 'allow_iframe_tag_in_post'
CVSS 6.4
CVE-2024-1384 MEDIUM
Averta Auxinportfolio < 2.3.3 - XSS
CVSS 6.4
Details
Vulnerabilities 45,468
Exploit Likelihood High