CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,468 vulnerabilities with CWE-79
CVE-2024-6575 MEDIUM
The Plus Addons for Elementor - WooCommerce <5.6.2 - XSS
CVSS 6.4
CVE-2024-5763 MEDIUM
The Plus Addons for Elementor < 5.6.3 - Authenticated Stored Cross-Site Scripting via Video Widget Date Attribute
CVSS 6.4
CVE-2024-7948 LOW
SourceCodester Accounts Manager App 1.0 - Cross-Site Scripting via Update Account Page
CVSS 3.5
CVE-2024-7945 LOW
Laravel Property Management System 1.0 - Cross-Site Scripting in Notes Page
CVSS 3.5
CVE-2024-7942 LOW
SourceCodester Leads Manager Tool 1.0 - Cross-Site Scripting via Phone Number Parameter
CVSS 3.5
CVE-2024-7929 MEDIUM
SourceCodester Simple Forum Website 1.0 - Cross-Site Scripting via Registration Username Parameter
CVSS 5.3
CVE-2024-43317 MEDIUM
Metagauss RegistrationMagic <6.0.1.0 - XSS
CVSS 4.3
CVE-2024-23729 MEDIUM
ColorOS Internet Browser 45.10.3.4.1 - Remote Code Execution via RealBrowserActivity Component
CVSS 6.1
CVE-2024-43400 CRITICAL
XWiki < 14.10.21 - Stored Cross-Site Scripting via Crafted URL
CVSS 9.0
CVE-2024-25582 MEDIUM
OX App Suite < 7.10.6-rev42 - Cross-Site Scripting via Savepoint Module
CVSS 5.4
CVE-2024-6843 MEDIUM
Chatbot with ChatGPT WP <2.4.5 - XSS
CVSS 6.1
CVE-2024-7916 LOW
life_insurance_management_system 1.0 - Cross-Site Scripting via Add Nominee Page Nominee-Client ID Parameter
CVSS 3.5
CVE-2024-7914 LOW
Yoga Class Registration System 1.0 - Cross-Site Scripting via SystemSettings.php Address Parameter
CVSS 3.5
CVE-2024-43294 MEDIUM
Bold Timeline Lite < 1.2.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-43292 MEDIUM
EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce <1....
CVSS 5.9
CVE-2024-43291 MEDIUM
Void Contact Form 7 Widget For Elementor Page Builder <2.4.1 - XSS
CVSS 5.9
CVE-2024-43284 MEDIUM
WP Travel Gutenberg Blocks <3.5.1 - XSS
CVSS 6.5
CVE-2024-43279 HIGH
Tribulant Newsletters < 4.9.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-43278 MEDIUM
Phi Phan Meta Field Block <1.2.13 - XSS
CVSS 6.5
CVE-2024-43267 MEDIUM
Mega Addons For Elementor <1.9 - XSS
CVSS 6.5
CVE-2024-43263 MEDIUM
Visual Composer Starter < 3.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-43262 MEDIUM
Busiprof <= 2.4.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-43246 HIGH
WHMpress < 6.2-revision-5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-43244 HIGH
Houzez < 3.2.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-43241 HIGH
Ultimate Membership Pro <12.6 - XSS
CVSS 7.1
Details
Vulnerabilities 45,468
Exploit Likelihood High