CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,306)

page 104 of 966

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2024-54231	WordPress Ni Woocommerce Order Export	Hig	0.46	7.1	Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni WooCommerce Order Export ni-woocommerce-order-export allows Reflected XSS.This issue affects Ni WooCommerce Order Export: from n/a through <= 3.1.6.
CVE-2024-54220	WordPress Fat Services Booking	Hig	0.46	7.1	Dec 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in roninwp FAT Services Booking fat-services-booking allows Stored XSS.This issue affects FAT Services Booking: from n/a through <= 5.6.
CVE-2024-54219	WordPress Aio Contact	Hig	0.46	7.1	Dec 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thehp AIO Contact aio-contact.This issue affects AIO Contact: from n/a through <= 2.8.1.
CVE-2023-49158	WordPress Ladipage	Hig	0.46	7.1	Dec 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Binh Nguyen LadiApp ladipage allows Stored XSS.This issue affects LadiApp: from n/a through <= 4.4.
CVE-2024-54209	WordPress Awesome Shortcodes	Hig	0.46	7.1	Dec 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Awesome Shortcodes awesome-shortcodes allows Reflected XSS.This issue affects Awesome Shortcodes: from n/a through <= 1.7.2.
CVE-2024-54208	WordPress Block Controller	Hig	0.46	7.1	Dec 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joni Halabi Block Controller block-controller allows Reflected XSS.This issue affects Block Controller: from n/a through <= 1.4.3.
CVE-2024-53821	WordPress Pie Register Premium	Hig	0.46	7.1	Dec 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Genetech Pie Register Premium allows Reflected XSS.This issue affects Pie Register Premium: from n/a before 3.8.3.3.
CVE-2024-53812	WordPress Wp Geonames	Hig	0.46	7.1	Dec 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacques Malgrange WP GeoNames wp-geonames allows Reflected XSS.This issue affects WP GeoNames: from n/a through <= 1.8.
CVE-2024-53759	WordPress Arca Payment Gateway	Hig	0.46	7.1	Dec 2, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Planet Studio ArCa Payment Gateway arca-payment-gateway allows Stored XSS.This issue affects ArCa Payment Gateway: from n/a through <= 1.3.1.
CVE-2024-53740	WordPress Woocommerce Ultimate Gift Card	Hig	0.46	7.1	Dec 2, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSwings WooCommerce Ultimate Gift Card woocommerce-ultimate-gift-card allows Reflected XSS.This issue affects WooCommerce Ultimate Gift Card: from n/a through < 2.9.1.
CVE-2024-52484	—	Hig	0.46	7.1	Dec 2, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in deepintowp Wc Recently viewed products wc-recently-viewed-products allows Reflected XSS.This issue affects Wc Recently viewed products: from n/a through <= 1.0.1.
CVE-2024-52483	—	Hig	0.46	7.1	Dec 2, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Igor Benic LeanPress leanpress allows Reflected XSS.This issue affects LeanPress: from n/a through <= 1.0.0.
CVE-2024-52482	WordPress Autopilot	Hig	0.46	7.1	Dec 2, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rafalautopilot Ortto autopilot allows Reflected XSS.This issue affects Ortto: from n/a through <= 1.0.19.
CVE-2024-52469	WordPress Price Alert Woocommerce	Hig	0.46	7.1	Dec 2, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dhrubok Infotech Services Ltd. WooCommerce Price Alert price-alert-woocommerce allows Reflected XSS.This issue affects WooCommerce Price Alert: from n/a through <= 1.0.4.
CVE-2024-52468	WordPress Leadboxer	Hig	0.46	7.1	Dec 2, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LeadBoxer LeadBoxer leadboxer allows Reflected XSS.This issue affects LeadBoxer: from n/a through <= 1.3.
CVE-2024-52467	WordPress Ai Responsive Gallery Album	Hig	0.46	7.1	Dec 2, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech AI Responsive Gallery Album ai-responsive-gallery-album allows Reflected XSS.This issue affects AI Responsive Gallery Album: from n/a through <= 1.4.
CVE-2024-52466	WordPress Explara Events	Hig	0.46	7.1	Dec 2, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Explara Explara Events explara-events allows Reflected XSS.This issue affects Explara Events: from n/a through <= 0.1.3.
CVE-2024-52465	WordPress Lgpd Framework	Hig	0.46	7.1	Dec 2, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Mitigation, Inc. LGPD Framework lgpd-framework allows Reflected XSS.This issue affects LGPD Framework: from n/a through <= 2.0.2.
CVE-2024-52464	WordPress Amr Shortcodes	Hig	0.46	7.1	Dec 2, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anmari amr shortcodes amr-shortcodes allows Reflected XSS.This issue affects amr shortcodes: from n/a through <= 1.7.
CVE-2024-52463	WordPress Post By Email	Hig	0.46	7.1	Dec 2, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Westwood Post By Email post-by-email allows Reflected XSS.This issue affects Post By Email: from n/a through <= 1.0.4b.

CVE-2024-54231HigDec 13, 2024
WordPress
Ni Woocommerce Order Export
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni WooCommerce Order Export ni-woocommerce-order-export allows Reflected XSS.This issue affects Ni WooCommerce Order Export: from n/a through <= 3.1.6.
CVE-2024-54220HigDec 9, 2024
WordPress
Fat Services Booking
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in roninwp FAT Services Booking fat-services-booking allows Stored XSS.This issue affects FAT Services Booking: from n/a through <= 5.6.
CVE-2024-54219HigDec 9, 2024
WordPress
Aio Contact
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thehp AIO Contact aio-contact.This issue affects AIO Contact: from n/a through <= 2.8.1.
CVE-2023-49158HigDec 9, 2024
WordPress
Ladipage
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Binh Nguyen LadiApp ladipage allows Stored XSS.This issue affects LadiApp: from n/a through <= 4.4.
CVE-2024-54209HigDec 6, 2024
WordPress
Awesome Shortcodes
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Awesome Shortcodes awesome-shortcodes allows Reflected XSS.This issue affects Awesome Shortcodes: from n/a through <= 1.7.2.
CVE-2024-54208HigDec 6, 2024
WordPress
Block Controller
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joni Halabi Block Controller block-controller allows Reflected XSS.This issue affects Block Controller: from n/a through <= 1.4.3.
CVE-2024-53821HigDec 6, 2024
WordPress
Pie Register Premium
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Genetech Pie Register Premium allows Reflected XSS.This issue affects Pie Register Premium: from n/a before 3.8.3.3.
CVE-2024-53812HigDec 6, 2024
WordPress
Wp Geonames
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacques Malgrange WP GeoNames wp-geonames allows Reflected XSS.This issue affects WP GeoNames: from n/a through <= 1.8.
CVE-2024-53759HigDec 2, 2024
WordPress
Arca Payment Gateway
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Planet Studio ArCa Payment Gateway arca-payment-gateway allows Stored XSS.This issue affects ArCa Payment Gateway: from n/a through <= 1.3.1.
CVE-2024-53740HigDec 2, 2024
WordPress
Woocommerce Ultimate Gift Card
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSwings WooCommerce Ultimate Gift Card woocommerce-ultimate-gift-card allows Reflected XSS.This issue affects WooCommerce Ultimate Gift Card: from n/a through < 2.9.1.
CVE-2024-52484HigDec 2, 2024
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in deepintowp Wc Recently viewed products wc-recently-viewed-products allows Reflected XSS.This issue affects Wc Recently viewed products: from n/a through <= 1.0.1.
CVE-2024-52483HigDec 2, 2024
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Igor Benic LeanPress leanpress allows Reflected XSS.This issue affects LeanPress: from n/a through <= 1.0.0.
CVE-2024-52482HigDec 2, 2024
WordPress
Autopilot
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rafalautopilot Ortto autopilot allows Reflected XSS.This issue affects Ortto: from n/a through <= 1.0.19.
CVE-2024-52469HigDec 2, 2024
WordPress
Price Alert Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dhrubok Infotech Services Ltd. WooCommerce Price Alert price-alert-woocommerce allows Reflected XSS.This issue affects WooCommerce Price Alert: from n/a through <= 1.0.4.
CVE-2024-52468HigDec 2, 2024
WordPress
Leadboxer
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LeadBoxer LeadBoxer leadboxer allows Reflected XSS.This issue affects LeadBoxer: from n/a through <= 1.3.
CVE-2024-52467HigDec 2, 2024
WordPress
Ai Responsive Gallery Album
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech AI Responsive Gallery Album ai-responsive-gallery-album allows Reflected XSS.This issue affects AI Responsive Gallery Album: from n/a through <= 1.4.
CVE-2024-52466HigDec 2, 2024
WordPress
Explara Events
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Explara Explara Events explara-events allows Reflected XSS.This issue affects Explara Events: from n/a through <= 0.1.3.
CVE-2024-52465HigDec 2, 2024
WordPress
Lgpd Framework
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Mitigation, Inc. LGPD Framework lgpd-framework allows Reflected XSS.This issue affects LGPD Framework: from n/a through <= 2.0.2.
CVE-2024-52464HigDec 2, 2024
WordPress
Amr Shortcodes
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anmari amr shortcodes amr-shortcodes allows Reflected XSS.This issue affects amr shortcodes: from n/a through <= 1.7.
CVE-2024-52463HigDec 2, 2024
WordPress
Post By Email
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Westwood Post By Email post-by-email allows Reflected XSS.This issue affects Post By Email: from n/a through <= 1.0.4b.