CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,306)

page 103 of 966

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2024-54319	—	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kundgenerator Kundgenerator kundgenerator allows Reflected XSS.This issue affects Kundgenerator: from n/a through <= 1.0.6.
CVE-2024-54312	—	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS.This issue affects Persian Woocommerce SMS: from n/a through <= 7.0.5.
CVE-2024-54305	WordPress Jt Express	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jtexpress J&T Express Malaysia jt-express allows Reflected XSS.This issue affects J&T Express Malaysia: from n/a through <= 2.0.13.
CVE-2024-54303	WordPress Simple Payment	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ido Kobelkowsky Simple Payment simple-payment allows Reflected XSS.This issue affects Simple Payment: from n/a through <= 2.3.8.
CVE-2024-54302	WordPress V Form	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VPSUForm v-form allows Reflected XSS.This issue affects VPSUForm: from n/a through <= 3.0.0.
CVE-2024-54301	Formfacade Formfacade	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in manidoraisamy FormFacade formfacade allows Reflected XSS.This issue affects FormFacade: from n/a through <= 1.3.6.
CVE-2024-54299	WordPress Revi Io Customer And Product Reviews	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revidev Revi.io revi-io-customer-and-product-reviews allows Reflected XSS.This issue affects Revi.io: from n/a through <= 5.7.3.
CVE-2024-54290	WordPress Role Includer	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Fletcher Role Includer role-includer allows Reflected XSS.This issue affects Role Includer: from n/a through <= 1.6.
CVE-2024-54288	—	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LDD Web Design LDD Directory Lite ldd-directory-lite allows Reflected XSS.This issue affects LDD Directory Lite: from n/a through <= 3.3.
CVE-2024-54275	WordPress Csv To Html	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wibergsweb CSV to html csv-to-html allows Reflected XSS.This issue affects CSV to html: from n/a through <= 3.08.
CVE-2024-54274	WordPress Octrace Support	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Octrace WordPress HelpDesk & Support Ticket System Plugin – Octrace Support octrace-support allows Reflected XSS.This issue affects WordPress HelpDesk & Support Ticket System Plugin – Octrace Support: from n/a through <= 1.2.7.
CVE-2024-54266	Imagerecycle Imagerecycle Pdf \& Image Compression	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ImageRecycle ImageRecycle pdf & image compression imagerecycle-pdf-image-compression allows Reflected XSS.This issue affects ImageRecycle pdf & image compression: from n/a through <= 3.1.16.
CVE-2024-54265	WordPress Barcode Scanner Lite Pos To Manage Products Inventory And Orders	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Reflected XSS.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.6.6.
CVE-2024-54264	WordPress Ultimate Shortcodes Creator	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmorillas1 Shortcodes Blocks Creator Ultimate ultimate-shortcodes-creator allows Reflected XSS.This issue affects Shortcodes Blocks Creator Ultimate: from n/a through <= 2.2.0.
CVE-2024-54240	WordPress Blaze Online Eparcel For Woocommerce	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blazeonline Blaze Online eParcel for WooCommerce blaze-online-eparcel-for-woocommerce allows Reflected XSS.This issue affects Blaze Online eParcel for WooCommerce: from n/a through <= 1.3.3.
CVE-2024-54238	WordPress Board Document Manager From Chuhpl	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cleveland Heights-University Heights Public Library Webdeveloper Board Document Manager from CHUHPL board-document-manager-from-chuhpl allows Reflected XSS.This issue affects Board Document Manager from CHUHPL: from n/a through <= 1.9.1.
CVE-2024-54237	WordPress Ni Crm Lead	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni CRM Lead ni-crm-lead allows Reflected XSS.This issue affects Ni CRM Lead: from n/a through <= 1.3.0.
CVE-2024-54236	WordPress Ni Woocommerce Product Editor	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni WooCommerce Bulk Product Editor ni-woocommerce-product-editor allows Reflected XSS.This issue affects Ni WooCommerce Bulk Product Editor: from n/a through <= 1.4.5.
CVE-2024-54235	WordPress Shiptimize For Woocommerce	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiptimize Shiptimize for WooCommerce shiptimize-for-woocommerce allows Reflected XSS.This issue affects Shiptimize for WooCommerce: from n/a through <= 3.1.86.
CVE-2024-54233	WordPress Advanced Control Manager	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in overclokk Advanced Control Manager for WordPress by ItalyStrap advanced-control-manager allows Reflected XSS.This issue affects Advanced Control Manager for WordPress by ItalyStrap: from n/a through <= 2.16.0.

CVE-2024-54319HigDec 13, 2024
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kundgenerator Kundgenerator kundgenerator allows Reflected XSS.This issue affects Kundgenerator: from n/a through <= 1.0.6.
CVE-2024-54312HigDec 13, 2024
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS.This issue affects Persian Woocommerce SMS: from n/a through <= 7.0.5.
CVE-2024-54305HigDec 13, 2024
WordPress
Jt Express
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jtexpress J&T Express Malaysia jt-express allows Reflected XSS.This issue affects J&T Express Malaysia: from n/a through <= 2.0.13.
CVE-2024-54303HigDec 13, 2024
WordPress
Simple Payment
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ido Kobelkowsky Simple Payment simple-payment allows Reflected XSS.This issue affects Simple Payment: from n/a through <= 2.3.8.
CVE-2024-54302HigDec 13, 2024
WordPress
V Form
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VPSUForm v-form allows Reflected XSS.This issue affects VPSUForm: from n/a through <= 3.0.0.
CVE-2024-54301HigDec 13, 2024
Formfacade
Formfacade
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in manidoraisamy FormFacade formfacade allows Reflected XSS.This issue affects FormFacade: from n/a through <= 1.3.6.
CVE-2024-54299HigDec 13, 2024
WordPress
Revi Io Customer And Product Reviews
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revidev Revi.io revi-io-customer-and-product-reviews allows Reflected XSS.This issue affects Revi.io: from n/a through <= 5.7.3.
CVE-2024-54290HigDec 13, 2024
WordPress
Role Includer
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Fletcher Role Includer role-includer allows Reflected XSS.This issue affects Role Includer: from n/a through <= 1.6.
CVE-2024-54288HigDec 13, 2024
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LDD Web Design LDD Directory Lite ldd-directory-lite allows Reflected XSS.This issue affects LDD Directory Lite: from n/a through <= 3.3.
CVE-2024-54275HigDec 13, 2024
WordPress
Csv To Html
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wibergsweb CSV to html csv-to-html allows Reflected XSS.This issue affects CSV to html: from n/a through <= 3.08.
CVE-2024-54274HigDec 13, 2024
WordPress
Octrace Support
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Octrace WordPress HelpDesk & Support Ticket System Plugin – Octrace Support octrace-support allows Reflected XSS.This issue affects WordPress HelpDesk & Support Ticket System Plugin – Octrace Support: from n/a through <= 1.2.7.
CVE-2024-54266HigDec 13, 2024
Imagerecycle
Imagerecycle Pdf \& Image Compression
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ImageRecycle ImageRecycle pdf & image compression imagerecycle-pdf-image-compression allows Reflected XSS.This issue affects ImageRecycle pdf & image compression: from n/a through <= 3.1.16.
CVE-2024-54265HigDec 13, 2024
WordPress
Barcode Scanner Lite Pos To Manage Products Inventory And Orders
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Reflected XSS.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.6.6.
CVE-2024-54264HigDec 13, 2024
WordPress
Ultimate Shortcodes Creator
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmorillas1 Shortcodes Blocks Creator Ultimate ultimate-shortcodes-creator allows Reflected XSS.This issue affects Shortcodes Blocks Creator Ultimate: from n/a through <= 2.2.0.
CVE-2024-54240HigDec 13, 2024
WordPress
Blaze Online Eparcel For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blazeonline Blaze Online eParcel for WooCommerce blaze-online-eparcel-for-woocommerce allows Reflected XSS.This issue affects Blaze Online eParcel for WooCommerce: from n/a through <= 1.3.3.
CVE-2024-54238HigDec 13, 2024
WordPress
Board Document Manager From Chuhpl
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cleveland Heights-University Heights Public Library Webdeveloper Board Document Manager from CHUHPL board-document-manager-from-chuhpl allows Reflected XSS.This issue affects Board Document Manager from CHUHPL: from n/a through <= 1.9.1.
CVE-2024-54237HigDec 13, 2024
WordPress
Ni Crm Lead
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni CRM Lead ni-crm-lead allows Reflected XSS.This issue affects Ni CRM Lead: from n/a through <= 1.3.0.
CVE-2024-54236HigDec 13, 2024
WordPress
Ni Woocommerce Product Editor
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni WooCommerce Bulk Product Editor ni-woocommerce-product-editor allows Reflected XSS.This issue affects Ni WooCommerce Bulk Product Editor: from n/a through <= 1.4.5.
CVE-2024-54235HigDec 13, 2024
WordPress
Shiptimize For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiptimize Shiptimize for WooCommerce shiptimize-for-woocommerce allows Reflected XSS.This issue affects Shiptimize for WooCommerce: from n/a through <= 3.1.86.
CVE-2024-54233HigDec 13, 2024
WordPress
Advanced Control Manager
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in overclokk Advanced Control Manager for WordPress by ItalyStrap advanced-control-manager allows Reflected XSS.This issue affects Advanced Control Manager for WordPress by ItalyStrap: from n/a through <= 2.16.0.