CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,306)

page 100 of 966

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2024-56267	WordPress Interactive Uk Map	Hig	0.46	7.1	Jan 2, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in html5maps Interactive UK Map interactive-uk-map allows Stored XSS.This issue affects Interactive UK Map: from n/a through <= 3.4.8.
CVE-2024-56026	WordPress Simple Proxy	Hig	0.46	7.1	Jan 2, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg – SiteOrigin Simple Proxy simple-proxy allows Reflected XSS.This issue affects Simple Proxy: from n/a through <= 1.0.
CVE-2024-56025	WordPress Adwork Media Ez Content Locker	Hig	0.46	7.1	Jan 2, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adworkmedia AdWork Media EZ Content Locker adwork-media-ez-content-locker allows Reflected XSS.This issue affects AdWork Media EZ Content Locker: from n/a through <= 3.0.
CVE-2024-56024	WordPress Create Custom Dashboard Widget	Hig	0.46	7.1	Jan 2, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Custom Dashboard Widget create-custom-dashboard-widget allows Reflected XSS.This issue affects Custom Dashboard Widget: from n/a through <= 1.0.0.
CVE-2024-56023	WordPress Wp Ecommerce Quickpay	Hig	0.46	7.1	Jan 2, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PerfectSolution WP eCommerce Quickpay wp-ecommerce-quickpay allows Reflected XSS.This issue affects WP eCommerce Quickpay: from n/a through <= 1.1.0.
CVE-2024-56022	WordPress Preloader Sws	Hig	0.46	7.1	Jan 2, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress Monsters Preloader by WordPress Monsters preloader-sws allows Reflected XSS.This issue affects Preloader by WordPress Monsters: from n/a through <= 1.2.3.
CVE-2024-56018	WordPress Bu Section Editing	Hig	0.46	7.1	Jan 2, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BU Web Team BU Section Editing bu-section-editing allows Reflected XSS.This issue affects BU Section Editing: from n/a through <= 0.9.9.
CVE-2024-56069	WordPress Indeed Wp Superbackup	Hig	0.46	7.1	Jan 2, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Reflected XSS.This issue affects WP SuperBackup: from n/a through <= 2.3.3.
CVE-2024-56060	WordPress HTML Forms	Hig	0.46	7.1	Jan 2, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms html-forms allows Reflected XSS.This issue affects HTML Forms: from n/a through <= 1.4.1.
CVE-2024-56038	WordPress Sendsms	Hig	0.46	7.1	Jan 2, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catalinsendsms SendSMS sendsms allows Reflected XSS.This issue affects SendSMS: from n/a through <= 1.2.9.
CVE-2024-56037	—	Hig	0.46	7.1	Jan 2, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftClever Limited User Referral user-referral-free allows Reflected XSS.This issue affects User Referral: from n/a through <= 8.0.
CVE-2024-56036	WordPress Od Photogallery Plugin	Hig	0.46	7.1	Jan 2, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ondrej Donek odPhotogallery od-photogallery-plugin allows Reflected XSS.This issue affects odPhotogallery: from n/a through <= 0.5.3.
CVE-2024-56035	WordPress Upload Scanner	Hig	0.46	7.1	Jan 2, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kurt Payne Upload Scanner upload-scanner allows Reflected XSS.This issue affects Upload Scanner: from n/a through <= 1.2.
CVE-2024-56034	WordPress Service Updates For Customers	Hig	0.46	7.1	Jan 2, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Irshad A.Khan Services updates for customers service-updates-for-customers allows Reflected XSS.This issue affects Services updates for customers: from n/a through <= 1.0.
CVE-2024-56033	—	Hig	0.46	7.1	Jan 2, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 FAQs faqs allows Reflected XSS.This issue affects FAQs: from n/a through <= 1.0.2.
CVE-2024-56032	WordPress Fv Descriptions	Hig	0.46	7.1	Jan 2, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FolioVision FV Descriptions fv-descriptions allows Reflected XSS.This issue affects FV Descriptions: from n/a through <= 1.4.
CVE-2024-56030	WordPress 10centmail Subscription Management And Analytics	Hig	0.46	7.1	Jan 2, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Carver Lab 10CentMail 10centmail-subscription-management-and-analytics allows Reflected XSS.This issue affects 10CentMail: from n/a through <= 2.1.50.
CVE-2024-56029	WordPress Easy Language Switcher	Hig	0.46	7.1	Jan 2, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dreamwinner Easy Language Switcher easy-language-switcher allows Reflected XSS.This issue affects Easy Language Switcher: from n/a through <= 1.0.
CVE-2024-56028	WordPress Lemonade Sna Pinterest Edition	Hig	0.46	7.1	Jan 2, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lemonadestudio Lemonade Social Networks Autoposter Pinterest lemonade-sna-pinterest-edition allows Reflected XSS.This issue affects Lemonade Social Networks Autoposter Pinterest: from n/a through <= 2.0.
CVE-2024-56027	—	Hig	0.46	7.1	Jan 2, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bizswoop Leads CRM leads-crm allows Reflected XSS.This issue affects Leads CRM: from n/a through <= 2.0.13.

CVE-2024-56267HigJan 2, 2025
WordPress
Interactive Uk Map
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in html5maps Interactive UK Map interactive-uk-map allows Stored XSS.This issue affects Interactive UK Map: from n/a through <= 3.4.8.
CVE-2024-56026HigJan 2, 2025
WordPress
Simple Proxy
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg – SiteOrigin Simple Proxy simple-proxy allows Reflected XSS.This issue affects Simple Proxy: from n/a through <= 1.0.
CVE-2024-56025HigJan 2, 2025
WordPress
Adwork Media Ez Content Locker
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adworkmedia AdWork Media EZ Content Locker adwork-media-ez-content-locker allows Reflected XSS.This issue affects AdWork Media EZ Content Locker: from n/a through <= 3.0.
CVE-2024-56024HigJan 2, 2025
WordPress
Create Custom Dashboard Widget
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Custom Dashboard Widget create-custom-dashboard-widget allows Reflected XSS.This issue affects Custom Dashboard Widget: from n/a through <= 1.0.0.
CVE-2024-56023HigJan 2, 2025
WordPress
Wp Ecommerce Quickpay
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PerfectSolution WP eCommerce Quickpay wp-ecommerce-quickpay allows Reflected XSS.This issue affects WP eCommerce Quickpay: from n/a through <= 1.1.0.
CVE-2024-56022HigJan 2, 2025
WordPress
Preloader Sws
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress Monsters Preloader by WordPress Monsters preloader-sws allows Reflected XSS.This issue affects Preloader by WordPress Monsters: from n/a through <= 1.2.3.
CVE-2024-56018HigJan 2, 2025
WordPress
Bu Section Editing
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BU Web Team BU Section Editing bu-section-editing allows Reflected XSS.This issue affects BU Section Editing: from n/a through <= 0.9.9.
CVE-2024-56069HigJan 2, 2025
WordPress
Indeed Wp Superbackup
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Reflected XSS.This issue affects WP SuperBackup: from n/a through <= 2.3.3.
CVE-2024-56060HigJan 2, 2025
WordPress
HTML Forms
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms html-forms allows Reflected XSS.This issue affects HTML Forms: from n/a through <= 1.4.1.
CVE-2024-56038HigJan 2, 2025
WordPress
Sendsms
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catalinsendsms SendSMS sendsms allows Reflected XSS.This issue affects SendSMS: from n/a through <= 1.2.9.
CVE-2024-56037HigJan 2, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftClever Limited User Referral user-referral-free allows Reflected XSS.This issue affects User Referral: from n/a through <= 8.0.
CVE-2024-56036HigJan 2, 2025
WordPress
Od Photogallery Plugin
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ondrej Donek odPhotogallery od-photogallery-plugin allows Reflected XSS.This issue affects odPhotogallery: from n/a through <= 0.5.3.
CVE-2024-56035HigJan 2, 2025
WordPress
Upload Scanner
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kurt Payne Upload Scanner upload-scanner allows Reflected XSS.This issue affects Upload Scanner: from n/a through <= 1.2.
CVE-2024-56034HigJan 2, 2025
WordPress
Service Updates For Customers
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Irshad A.Khan Services updates for customers service-updates-for-customers allows Reflected XSS.This issue affects Services updates for customers: from n/a through <= 1.0.
CVE-2024-56033HigJan 2, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 FAQs faqs allows Reflected XSS.This issue affects FAQs: from n/a through <= 1.0.2.
CVE-2024-56032HigJan 2, 2025
WordPress
Fv Descriptions
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FolioVision FV Descriptions fv-descriptions allows Reflected XSS.This issue affects FV Descriptions: from n/a through <= 1.4.
CVE-2024-56030HigJan 2, 2025
WordPress
10centmail Subscription Management And Analytics
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Carver Lab 10CentMail 10centmail-subscription-management-and-analytics allows Reflected XSS.This issue affects 10CentMail: from n/a through <= 2.1.50.
CVE-2024-56029HigJan 2, 2025
WordPress
Easy Language Switcher
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dreamwinner Easy Language Switcher easy-language-switcher allows Reflected XSS.This issue affects Easy Language Switcher: from n/a through <= 1.0.
CVE-2024-56028HigJan 2, 2025
WordPress
Lemonade Sna Pinterest Edition
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lemonadestudio Lemonade Social Networks Autoposter Pinterest lemonade-sna-pinterest-edition allows Reflected XSS.This issue affects Lemonade Social Networks Autoposter Pinterest: from n/a through <= 2.0.
CVE-2024-56027HigJan 2, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bizswoop Leads CRM leads-crm allows Reflected XSS.This issue affects Leads CRM: from n/a through <= 2.0.13.