CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,306)

page 106 of 966

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2024-50522	—	Hig	0.46	7.1	Nov 19, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redyyu WeChat Subscribers Lite wechat-subscribers-lite allows Reflected XSS.This issue affects WeChat Subscribers Lite : from n/a through <= 1.6.6.
CVE-2024-50519	WordPress Jigoshop Exporter	Hig	0.46	7.1	Nov 19, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Kohlbach Jigoshop – Store Exporter jigoshop-exporter allows Reflected XSS.This issue affects Jigoshop – Store Exporter: from n/a through <= 1.5.8.
CVE-2024-52418	WordPress Gameplan	Hig	0.46	7.1	Nov 18, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CactusThemes Gameplan gameplan allows Reflected XSS.This issue affects Gameplan: from n/a through <= 1.5.10.
CVE-2024-52417	WordPress Reconstruction	Hig	0.46	7.1	Nov 18, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes ReConstruction reconstruction allows Reflected XSS.This issue affects ReConstruction: from n/a through <= 1.4.7.
CVE-2024-51706	WordPress Uw Freelancer	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Upeksha Wisidagama UW Freelancer uw-freelancer allows Reflected XSS.This issue affects UW Freelancer: from n/a through <= 0.1.
CVE-2024-51705	WordPress Wp Mmenu Lite	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jamesdbruner WP MMenu Lite wp-mmenu-lite allows Reflected XSS.This issue affects WP MMenu Lite: from n/a through <= 1.0.0.
CVE-2024-51704	WordPress Wp Js Impress	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in John Hanusek imPress wp-js-impress allows Reflected XSS.This issue affects imPress: from n/a through <= 0.1.4.
CVE-2024-51703	WordPress Wp Basics	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in laura20 WP-Basics wp-basics allows Reflected XSS.This issue affects WP-Basics: from n/a through <= 2.0.
CVE-2024-51702	WordPress Truenorth Srcset	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ben.moody SrcSet Responsive Images for WordPress truenorth-srcset allows Reflected XSS.This issue affects SrcSet Responsive Images for WordPress: from n/a through <= 1.4.
CVE-2024-51701	WordPress Mg Post Contributors	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahesh Waghmare MG Post Contributors mg-post-contributors allows Reflected XSS.This issue affects MG Post Contributors: from n/a through <= 1.3..
CVE-2024-51699	WordPress Buooy Sticky Header	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Buooy Buooy Sticky Header buooy-sticky-header allows Reflected XSS.This issue affects Buooy Sticky Header: from n/a through <= 0.5.2.
CVE-2024-51698	—	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Luis Rock Master Bar master-bar allows Reflected XSS.This issue affects Master Bar: from n/a through <= 1.0.
CVE-2024-51697	WordPress Doofinder	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder doofinder allows Reflected XSS.This issue affects Doofinder: from n/a through <= 0.5.4.
CVE-2024-51696	WordPress Content Syndication Toolkit Reader	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ben.moody Content Syndication Toolkit Reader content-syndication-toolkit-reader allows Reflected XSS.This issue affects Content Syndication Toolkit Reader: from n/a through <= 1.5.
CVE-2024-51695	WordPress Fabrica Reusable Block Instances	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yes We Work Fabrica Synced Pattern Instances fabrica-reusable-block-instances allows Reflected XSS.This issue affects Fabrica Synced Pattern Instances: from n/a through <= 1.0.8.
CVE-2024-51694	WordPress Geotagged Media	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalfisherman Geotagged Media geotagged-media allows Reflected XSS.This issue affects Geotagged Media: from n/a through <= 0.3.0.
CVE-2024-51693	WordPress Search Order By Product Sku For Woocommerce	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in labdav Search order by product SKU for WooCommerce search-order-by-product-sku-for-woocommerce allows Reflected XSS.This issue affects Search order by product SKU for WooCommerce: from n/a through <= 0.2.
CVE-2024-51692	WordPress Abbs Bing Search	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in askewbrook Bing Search API Integration abbs-bing-search allows Reflected XSS.This issue affects Bing Search API Integration: from n/a through <= 0.3.3.
CVE-2024-51691	WordPress Wpr Admin Amplify	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aryanduntley Admin Amplify wpr-admin-amplify allows Reflected XSS.This issue affects Admin Amplify: from n/a through <= 1.3.0.
CVE-2024-51690	WordPress Wp Slide Categorywise	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in neelam.samariya Wp Slide Categorywise wp-slide-categorywise allows Reflected XSS.This issue affects Wp Slide Categorywise: from n/a through <= 1.1.

CVE-2024-50522HigNov 19, 2024
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redyyu WeChat Subscribers Lite wechat-subscribers-lite allows Reflected XSS.This issue affects WeChat Subscribers Lite : from n/a through <= 1.6.6.
CVE-2024-50519HigNov 19, 2024
WordPress
Jigoshop Exporter
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Kohlbach Jigoshop – Store Exporter jigoshop-exporter allows Reflected XSS.This issue affects Jigoshop – Store Exporter: from n/a through <= 1.5.8.
CVE-2024-52418HigNov 18, 2024
WordPress
Gameplan
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CactusThemes Gameplan gameplan allows Reflected XSS.This issue affects Gameplan: from n/a through <= 1.5.10.
CVE-2024-52417HigNov 18, 2024
WordPress
Reconstruction
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes ReConstruction reconstruction allows Reflected XSS.This issue affects ReConstruction: from n/a through <= 1.4.7.
CVE-2024-51706HigNov 9, 2024
WordPress
Uw Freelancer
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Upeksha Wisidagama UW Freelancer uw-freelancer allows Reflected XSS.This issue affects UW Freelancer: from n/a through <= 0.1.
CVE-2024-51705HigNov 9, 2024
WordPress
Wp Mmenu Lite
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jamesdbruner WP MMenu Lite wp-mmenu-lite allows Reflected XSS.This issue affects WP MMenu Lite: from n/a through <= 1.0.0.
CVE-2024-51704HigNov 9, 2024
WordPress
Wp Js Impress
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in John Hanusek imPress wp-js-impress allows Reflected XSS.This issue affects imPress: from n/a through <= 0.1.4.
CVE-2024-51703HigNov 9, 2024
WordPress
Wp Basics
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in laura20 WP-Basics wp-basics allows Reflected XSS.This issue affects WP-Basics: from n/a through <= 2.0.
CVE-2024-51702HigNov 9, 2024
WordPress
Truenorth Srcset
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ben.moody SrcSet Responsive Images for WordPress truenorth-srcset allows Reflected XSS.This issue affects SrcSet Responsive Images for WordPress: from n/a through <= 1.4.
CVE-2024-51701HigNov 9, 2024
WordPress
Mg Post Contributors
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahesh Waghmare MG Post Contributors mg-post-contributors allows Reflected XSS.This issue affects MG Post Contributors: from n/a through <= 1.3..
CVE-2024-51699HigNov 9, 2024
WordPress
Buooy Sticky Header
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Buooy Buooy Sticky Header buooy-sticky-header allows Reflected XSS.This issue affects Buooy Sticky Header: from n/a through <= 0.5.2.
CVE-2024-51698HigNov 9, 2024
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Luis Rock Master Bar master-bar allows Reflected XSS.This issue affects Master Bar: from n/a through <= 1.0.
CVE-2024-51697HigNov 9, 2024
WordPress
Doofinder
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder doofinder allows Reflected XSS.This issue affects Doofinder: from n/a through <= 0.5.4.
CVE-2024-51696HigNov 9, 2024
WordPress
Content Syndication Toolkit Reader
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ben.moody Content Syndication Toolkit Reader content-syndication-toolkit-reader allows Reflected XSS.This issue affects Content Syndication Toolkit Reader: from n/a through <= 1.5.
CVE-2024-51695HigNov 9, 2024
WordPress
Fabrica Reusable Block Instances
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yes We Work Fabrica Synced Pattern Instances fabrica-reusable-block-instances allows Reflected XSS.This issue affects Fabrica Synced Pattern Instances: from n/a through <= 1.0.8.
CVE-2024-51694HigNov 9, 2024
WordPress
Geotagged Media
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalfisherman Geotagged Media geotagged-media allows Reflected XSS.This issue affects Geotagged Media: from n/a through <= 0.3.0.
CVE-2024-51693HigNov 9, 2024
WordPress
Search Order By Product Sku For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in labdav Search order by product SKU for WooCommerce search-order-by-product-sku-for-woocommerce allows Reflected XSS.This issue affects Search order by product SKU for WooCommerce: from n/a through <= 0.2.
CVE-2024-51692HigNov 9, 2024
WordPress
Abbs Bing Search
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in askewbrook Bing Search API Integration abbs-bing-search allows Reflected XSS.This issue affects Bing Search API Integration: from n/a through <= 0.3.3.
CVE-2024-51691HigNov 9, 2024
WordPress
Wpr Admin Amplify
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aryanduntley Admin Amplify wpr-admin-amplify allows Reflected XSS.This issue affects Admin Amplify: from n/a through <= 1.3.0.
CVE-2024-51690HigNov 9, 2024
WordPress
Wp Slide Categorywise
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in neelam.samariya Wp Slide Categorywise wp-slide-categorywise allows Reflected XSS.This issue affects Wp Slide Categorywise: from n/a through <= 1.1.