CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,306)

page 101 of 966

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2024-56265	Wpwebelite Woocommerce Pdf Vouchers	Hig	0.46	7.1	Dec 31, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpweb WooCommerce PDF Vouchers woocommerce-pdf-vouchers allows Reflected XSS.This issue affects WooCommerce PDF Vouchers: from n/a through < 4.9.9.
CVE-2024-56233	WordPress Kintpv Connect	Hig	0.46	7.1	Dec 31, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kinhelios KinTPV WooConnect kintpv-connect allows Stored XSS.This issue affects KinTPV WooConnect: from n/a through <= 8.129.
CVE-2024-56228	WordPress Wish List For Woocommerce	Hig	0.46	7.1	Dec 31, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce.This issue affects Wishlist for WooCommerce: from n/a through <= 3.1.2.
CVE-2024-56226	Royal Elementor Addons Royal Elementor Addons	Hig	0.46	7.1	Dec 31, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Reflected XSS.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1001.
CVE-2024-56223	WordPress Gulri Slider	Hig	0.46	7.1	Dec 31, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood Gulri Slider gulri-slider allows Reflected XSS.This issue affects Gulri Slider: from n/a through <= 3.5.8.
CVE-2024-56210	WordPress Userpro	Hig	0.46	7.1	Dec 31, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeluxeThemes Userpro userpro allows Reflected XSS.This issue affects Userpro: from n/a through <= 5.1.9.
CVE-2024-56209	WordPress Kleo	Hig	0.46	7.1	Dec 31, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen Kleo kleo allows Reflected XSS.This issue affects Kleo: from n/a through < 5.4.4.
CVE-2024-56016	WordPress Image Mapper	Hig	0.46	7.1	Dec 18, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maartenhemmes Image Mapper image-mapper allows Reflected XSS.This issue affects Image Mapper: from n/a through <= 0.2.5.3.
CVE-2024-56010	—	Hig	0.46	7.1	Dec 18, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lannoy Device Detector device-detector allows Reflected XSS.This issue affects Device Detector: from n/a through <= 4.2.0.
CVE-2024-54350	WordPress Hmd	Hig	0.46	7.1	Dec 18, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hjyl hmd hmd allows Stored XSS.This issue affects hmd: from n/a through <= 2.0.
CVE-2024-51646	WordPress Saoshyant Element	Hig	0.46	7.1	Dec 18, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in saoshyant1994 Saoshyant Element saoshyant-element allows Reflected XSS.This issue affects Saoshyant Element: from n/a through <= 1.2.
CVE-2024-49677	WordPress Bootstrap Buttons	Hig	0.46	7.1	Dec 18, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Cramer Bootstrap Buttons bootstrap-buttons allows Reflected XSS.This issue affects Bootstrap Buttons: from n/a through <= 1.2.
CVE-2024-54257	WordPress Tydskrif	Hig	0.46	7.1	Dec 16, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molefed allows Reflected XSS.This issue affects tydskrif: from n/a through 1.1.3.
CVE-2024-54249	WordPress Advanced Options Editor	Hig	0.46	7.1	Dec 16, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jules Colle Advanced Options Editor allows Reflected XSS.This issue affects Advanced Options Editor: from n/a through 1.0.
CVE-2024-54437	WordPress Jcarousel For Wordpress	Hig	0.46	7.1	Dec 16, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in koolkatwebdesigns jCarousel jcarousel-for-wordpress allows Stored XSS.This issue affects jCarousel: from n/a through <= 1.0.
CVE-2024-54424	WordPress Like On Vkontakte	Hig	0.46	7.1	Dec 16, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ilya_compman Like in Vk.com like-on-vkontakte allows Stored XSS.This issue affects Like in Vk.com: from n/a through <= 0.5.2.
CVE-2024-54422	WordPress Evernote Sync	Hig	0.46	7.1	Dec 16, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tgw365 Evernote Sync evernote-sync allows Reflected XSS.This issue affects Evernote Sync: from n/a through <= 3.0.0.
CVE-2024-54406	WordPress Comments On Feed	Hig	0.46	7.1	Dec 16, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moallemi Comments On Feed comments-on-feed allows Reflected XSS.This issue affects Comments On Feed: from n/a through <= 1.2.1.
CVE-2024-54403	WordPress Visual Recent Posts	Hig	0.46	7.1	Dec 16, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oktoberfive Visual Recent Posts visual-recent-posts allows Reflected XSS.This issue affects Visual Recent Posts: from n/a through <= 1.2.3.
CVE-2024-54395	WordPress Increase Sociability	Hig	0.46	7.1	Dec 16, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in preblogging Increase Sociability increase-sociability allows Reflected XSS.This issue affects Increase Sociability: from n/a through <= 1.3.0.

CVE-2024-56265HigDec 31, 2024
Wpwebelite
Woocommerce Pdf Vouchers
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpweb WooCommerce PDF Vouchers woocommerce-pdf-vouchers allows Reflected XSS.This issue affects WooCommerce PDF Vouchers: from n/a through < 4.9.9.
CVE-2024-56233HigDec 31, 2024
WordPress
Kintpv Connect
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kinhelios KinTPV WooConnect kintpv-connect allows Stored XSS.This issue affects KinTPV WooConnect: from n/a through <= 8.129.
CVE-2024-56228HigDec 31, 2024
WordPress
Wish List For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce.This issue affects Wishlist for WooCommerce: from n/a through <= 3.1.2.
CVE-2024-56226HigDec 31, 2024
Royal Elementor Addons
Royal Elementor Addons
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Reflected XSS.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1001.
CVE-2024-56223HigDec 31, 2024
WordPress
Gulri Slider
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood Gulri Slider gulri-slider allows Reflected XSS.This issue affects Gulri Slider: from n/a through <= 3.5.8.
CVE-2024-56210HigDec 31, 2024
WordPress
Userpro
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeluxeThemes Userpro userpro allows Reflected XSS.This issue affects Userpro: from n/a through <= 5.1.9.
CVE-2024-56209HigDec 31, 2024
WordPress
Kleo
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen Kleo kleo allows Reflected XSS.This issue affects Kleo: from n/a through < 5.4.4.
CVE-2024-56016HigDec 18, 2024
WordPress
Image Mapper
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maartenhemmes Image Mapper image-mapper allows Reflected XSS.This issue affects Image Mapper: from n/a through <= 0.2.5.3.
CVE-2024-56010HigDec 18, 2024
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lannoy Device Detector device-detector allows Reflected XSS.This issue affects Device Detector: from n/a through <= 4.2.0.
CVE-2024-54350HigDec 18, 2024
WordPress
Hmd
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hjyl hmd hmd allows Stored XSS.This issue affects hmd: from n/a through <= 2.0.
CVE-2024-51646HigDec 18, 2024
WordPress
Saoshyant Element
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in saoshyant1994 Saoshyant Element saoshyant-element allows Reflected XSS.This issue affects Saoshyant Element: from n/a through <= 1.2.
CVE-2024-49677HigDec 18, 2024
WordPress
Bootstrap Buttons
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Cramer Bootstrap Buttons bootstrap-buttons allows Reflected XSS.This issue affects Bootstrap Buttons: from n/a through <= 1.2.
CVE-2024-54257HigDec 16, 2024
WordPress
Tydskrif
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molefed allows Reflected XSS.This issue affects tydskrif: from n/a through 1.1.3.
CVE-2024-54249HigDec 16, 2024
WordPress
Advanced Options Editor
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jules Colle Advanced Options Editor allows Reflected XSS.This issue affects Advanced Options Editor: from n/a through 1.0.
CVE-2024-54437HigDec 16, 2024
WordPress
Jcarousel For Wordpress
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in koolkatwebdesigns jCarousel jcarousel-for-wordpress allows Stored XSS.This issue affects jCarousel: from n/a through <= 1.0.
CVE-2024-54424HigDec 16, 2024
WordPress
Like On Vkontakte
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ilya_compman Like in Vk.com like-on-vkontakte allows Stored XSS.This issue affects Like in Vk.com: from n/a through <= 0.5.2.
CVE-2024-54422HigDec 16, 2024
WordPress
Evernote Sync
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tgw365 Evernote Sync evernote-sync allows Reflected XSS.This issue affects Evernote Sync: from n/a through <= 3.0.0.
CVE-2024-54406HigDec 16, 2024
WordPress
Comments On Feed
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moallemi Comments On Feed comments-on-feed allows Reflected XSS.This issue affects Comments On Feed: from n/a through <= 1.2.1.
CVE-2024-54403HigDec 16, 2024
WordPress
Visual Recent Posts
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oktoberfive Visual Recent Posts visual-recent-posts allows Reflected XSS.This issue affects Visual Recent Posts: from n/a through <= 1.2.3.
CVE-2024-54395HigDec 16, 2024
WordPress
Increase Sociability
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in preblogging Increase Sociability increase-sociability allows Reflected XSS.This issue affects Increase Sociability: from n/a through <= 1.3.0.