CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,306)

page 102 of 966

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2024-54390	WordPress Taggator	Hig	0.46	7.1	Dec 16, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bouzid Nazim Zitouni TagGator taggator allows Reflected XSS.This issue affects TagGator: from n/a through <= 1.54.
CVE-2024-54387	—	Hig	0.46	7.1	Dec 16, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jaytesh Barange Posts Date Ranges posts-date-ranges allows Reflected XSS.This issue affects Posts Date Ranges: from n/a through <= 2.2.
CVE-2024-54364	WordPress Feedpress Generator	Hig	0.46	7.1	Dec 16, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spartac Feedpress Generator feedpress-generator allows Reflected XSS.This issue affects Feedpress Generator: from n/a through <= 1.2.1.
CVE-2024-54358	WordPress 3d Avatar User Profile	Hig	0.46	7.1	Dec 16, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enrico Cantori 3D Avatar User Profile 3d-avatar-user-profile allows Reflected XSS.This issue affects 3D Avatar User Profile: from n/a through <= 1.0.0.
CVE-2024-54347	WordPress Bakkbone Florist Companion	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BAKKBONE Australia FloristPress bakkbone-florist-companion allows Reflected XSS.This issue affects FloristPress: from n/a through <= 7.2.0.
CVE-2024-54344	WordPress Wp Quick Shop	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood WP Quick Shop wp-quick-shop allows Reflected XSS.This issue affects WP Quick Shop: from n/a through <= 1.3.1.
CVE-2024-54343	WordPress Connect Contact Form 7 To Constant Contact V3	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thehowarde Connect Contact Form 7 to Constant Contact connect-contact-form-7-to-constant-contact-v3 allows Reflected XSS.This issue affects Connect Contact Form 7 to Constant Contact: from n/a through <= 1.4.
CVE-2024-54342	—	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in STAGGS STAGGS staggs allows Reflected XSS.This issue affects STAGGS: from n/a through <= 2.0.0.
CVE-2024-54341	WordPress Label Grid Tools	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LabelGrid LabelGrid Tools label-grid-tools allows Reflected XSS.This issue affects LabelGrid Tools: from n/a through <= 1.3.58.
CVE-2024-54340	WordPress Simple Presenter	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sylviavanos Simple Presenter simple-presenter allows Reflected XSS.This issue affects Simple Presenter: from n/a through <= 1.5.1.
CVE-2024-54339	WordPress Geoflickr	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jbd7 geoFlickr geoflickr allows Reflected XSS.This issue affects geoFlickr: from n/a through <= 1.3.
CVE-2024-54335	WordPress Immotoolbox Connect	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ImmoSoft ImmoToolBox Connect immotoolbox-connect allows Reflected XSS.This issue affects ImmoToolBox Connect: from n/a through <= 1.3.3.
CVE-2024-54333	WordPress Check Pincode For Woocommerce	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silverplugins217 Check Pincode For Woocommerce check-pincode-for-woocommerce allows Reflected XSS.This issue affects Check Pincode For Woocommerce: from n/a through <= 1.1.
CVE-2024-54329	WordPress Clevernode Related Content	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metup CleverNode Related Content clevernode-related-content allows Reflected XSS.This issue affects CleverNode Related Content: from n/a through <= 1.1.5.
CVE-2024-54328	WordPress Invoice Payment For Woocommerce	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in linknacional Invoice Payment for WooCommerce invoice-payment-for-woocommerce allows Reflected XSS.This issue affects Invoice Payment for WooCommerce: from n/a through <= 1.7.2.
CVE-2024-54327	WordPress Universam Demo	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in universam UNIVERSAM universam-demo allows Reflected XSS.This issue affects UNIVERSAM: from n/a through < 8.59.
CVE-2024-54325	WordPress Cardealerpress	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DealerTrend CarDealerPress cardealerpress allows Reflected XSS.This issue affects CarDealerPress: from n/a through <= 6.6.2410.02.
CVE-2024-54324	WordPress Smsify	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mtomic SMSify smsify allows Reflected XSS.This issue affects SMSify: from n/a through <= 6.0.4.
CVE-2024-54322	WordPress Media Downloader	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ederson Peka Media Downloader media-downloader allows Reflected XSS.This issue affects Media Downloader: from n/a through <= 0.4.7.4.
CVE-2024-54320	WordPress Icdsoft Reseller Store	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icdsoft ICDSoft Reseller Store icdsoft-reseller-store allows Reflected XSS.This issue affects ICDSoft Reseller Store: from n/a through <= 2.4.5.

CVE-2024-54390HigDec 16, 2024
WordPress
Taggator
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bouzid Nazim Zitouni TagGator taggator allows Reflected XSS.This issue affects TagGator: from n/a through <= 1.54.
CVE-2024-54387HigDec 16, 2024
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jaytesh Barange Posts Date Ranges posts-date-ranges allows Reflected XSS.This issue affects Posts Date Ranges: from n/a through <= 2.2.
CVE-2024-54364HigDec 16, 2024
WordPress
Feedpress Generator
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spartac Feedpress Generator feedpress-generator allows Reflected XSS.This issue affects Feedpress Generator: from n/a through <= 1.2.1.
CVE-2024-54358HigDec 16, 2024
WordPress
3d Avatar User Profile
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enrico Cantori 3D Avatar User Profile 3d-avatar-user-profile allows Reflected XSS.This issue affects 3D Avatar User Profile: from n/a through <= 1.0.0.
CVE-2024-54347HigDec 13, 2024
WordPress
Bakkbone Florist Companion
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BAKKBONE Australia FloristPress bakkbone-florist-companion allows Reflected XSS.This issue affects FloristPress: from n/a through <= 7.2.0.
CVE-2024-54344HigDec 13, 2024
WordPress
Wp Quick Shop
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood WP Quick Shop wp-quick-shop allows Reflected XSS.This issue affects WP Quick Shop: from n/a through <= 1.3.1.
CVE-2024-54343HigDec 13, 2024
WordPress
Connect Contact Form 7 To Constant Contact V3
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thehowarde Connect Contact Form 7 to Constant Contact connect-contact-form-7-to-constant-contact-v3 allows Reflected XSS.This issue affects Connect Contact Form 7 to Constant Contact: from n/a through <= 1.4.
CVE-2024-54342HigDec 13, 2024
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in STAGGS STAGGS staggs allows Reflected XSS.This issue affects STAGGS: from n/a through <= 2.0.0.
CVE-2024-54341HigDec 13, 2024
WordPress
Label Grid Tools
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LabelGrid LabelGrid Tools label-grid-tools allows Reflected XSS.This issue affects LabelGrid Tools: from n/a through <= 1.3.58.
CVE-2024-54340HigDec 13, 2024
WordPress
Simple Presenter
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sylviavanos Simple Presenter simple-presenter allows Reflected XSS.This issue affects Simple Presenter: from n/a through <= 1.5.1.
CVE-2024-54339HigDec 13, 2024
WordPress
Geoflickr
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jbd7 geoFlickr geoflickr allows Reflected XSS.This issue affects geoFlickr: from n/a through <= 1.3.
CVE-2024-54335HigDec 13, 2024
WordPress
Immotoolbox Connect
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ImmoSoft ImmoToolBox Connect immotoolbox-connect allows Reflected XSS.This issue affects ImmoToolBox Connect: from n/a through <= 1.3.3.
CVE-2024-54333HigDec 13, 2024
WordPress
Check Pincode For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silverplugins217 Check Pincode For Woocommerce check-pincode-for-woocommerce allows Reflected XSS.This issue affects Check Pincode For Woocommerce: from n/a through <= 1.1.
CVE-2024-54329HigDec 13, 2024
WordPress
Clevernode Related Content
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metup CleverNode Related Content clevernode-related-content allows Reflected XSS.This issue affects CleverNode Related Content: from n/a through <= 1.1.5.
CVE-2024-54328HigDec 13, 2024
WordPress
Invoice Payment For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in linknacional Invoice Payment for WooCommerce invoice-payment-for-woocommerce allows Reflected XSS.This issue affects Invoice Payment for WooCommerce: from n/a through <= 1.7.2.
CVE-2024-54327HigDec 13, 2024
WordPress
Universam Demo
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in universam UNIVERSAM universam-demo allows Reflected XSS.This issue affects UNIVERSAM: from n/a through < 8.59.
CVE-2024-54325HigDec 13, 2024
WordPress
Cardealerpress
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DealerTrend CarDealerPress cardealerpress allows Reflected XSS.This issue affects CarDealerPress: from n/a through <= 6.6.2410.02.
CVE-2024-54324HigDec 13, 2024
WordPress
Smsify
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mtomic SMSify smsify allows Reflected XSS.This issue affects SMSify: from n/a through <= 6.0.4.
CVE-2024-54322HigDec 13, 2024
WordPress
Media Downloader
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ederson Peka Media Downloader media-downloader allows Reflected XSS.This issue affects Media Downloader: from n/a through <= 0.4.7.4.
CVE-2024-54320HigDec 13, 2024
WordPress
Icdsoft Reseller Store
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icdsoft ICDSoft Reseller Store icdsoft-reseller-store allows Reflected XSS.This issue affects ICDSoft Reseller Store: from n/a through <= 2.4.5.