CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,329)

page 108 of 967

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2024-51763	WordPress Team Showcase Ultimate	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biplob018 Team Showcase and Slider – Team Members Builder team-showcase-ultimate allows Reflected XSS.This issue affects Team Showcase and Slider – Team Members Builder: from n/a through <= 1.3.
CVE-2024-51762	WordPress Propertyshift	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Gipple PropertyShift propertyshift allows Reflected XSS.This issue affects PropertyShift: from n/a through <= 1.0.0.
CVE-2024-10676	WordPress Conversion Helper	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wojciechborowicz Conversion Helper conversion-helper allows Reflected XSS.This issue affects Conversion Helper: from n/a through <= 1.12.
CVE-2024-51784	WordPress Friendstore For Woocommerce	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VietFriend team FriendStore for WooCommerce friendstore-for-woocommerce allows Reflected XSS.This issue affects FriendStore for WooCommerce: from n/a through <= 1.4.2.
CVE-2024-51783	WordPress Forms 3rdparty Post Again	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zaus Forms: 3rd-Party Post Again forms-3rdparty-post-again allows Reflected XSS.This issue affects Forms: 3rd-Party Post Again: from n/a through <= 0.3.
CVE-2024-51782	WordPress Loginplus	Hig	0.46	7.1	Nov 9, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sanjay Prasad Loginplus loginplus allows Stored XSS.This issue affects Loginplus: from n/a through <= 1.2.
CVE-2024-51989	Pglombardo Passwordpusher	Hig	0.46	7.1	Nov 7, 2024	Password Pusher is an open source application to communicate sensitive information over the web. A cross-site scripting (XSS) vulnerability was identified in the PasswordPusher application, affecting versions `v1.41.1` through and including `v.1.48.0`. The issue arises from an un-sanitized parameter which could allow attackers to inject malicious JavaScript into the application. Users who self-host and have the login system enabled are affected. Exploitation of this vulnerability could expose user data, access to user sessions or take unintended actions on behalf of users. To exploit this vulnerability, an attacker would need to convince a user to click a malicious account confirmation link. It is highly recommended to update to version `v1.48.1` or later to mitigate this risk. There are no known workarounds for this vulnerability. ### Solution Update to version `v1.48.1` or later where input sanitization has been applied to the account confirmation process. If updating is not immediately possible,
CVE-2024-49634	Rimonhabib Bp Member Type Manager	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rimon Habib BP Member Type Manager bp-member-type-manager allows Reflected XSS.This issue affects BP Member Type Manager: from n/a through <= 1.01.
CVE-2024-49632	Coralwebdesign Cwd 3d Image Gallery	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Senthil Vel CWD 3D Image Gallery cwd-3d-image-gallery allows Reflection Injection.This issue affects CWD 3D Image Gallery: from n/a through <= 1.0.
CVE-2024-49645	Soft Master Affiliate Platform	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ilias Gomatos Affiliate Platform smdp-affiliate-platform allows Reflected XSS.This issue affects Affiliate Platform: from n/a through <= 1.4.8.
CVE-2024-49643	Abdullahirfan Whitelist	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fifthsegment Whitelist fifthsegment-whitelist allows Reflected XSS.This issue affects Whitelist: from n/a through <= 3.5.
CVE-2024-49641	Tidaweb Tida URL Screenshot	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tidaweb Tida URL Screenshot tida-url-screenshot allows Reflected XSS.This issue affects Tida URL Screenshot: from n/a through <= 1.0.1.
CVE-2024-49640	Amadercode Acl Floating Cart For Woocommerce	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AmaderCode Lab ACL Floating Cart for WooCommerce acl-floating-cart-for-woocommerce allows Reflected XSS.This issue affects ACL Floating Cart for WooCommerce: from n/a through <= 0.9.
CVE-2024-49639	Edwardstoever Monitor.chat	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Edward Stoever Monitor.chat monitor-chat allows Reflected XSS.This issue affects Monitor.chat: from n/a through <= 1.1.1.
CVE-2024-49638	Aliazlan Risk Warning Bar	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ventureharbour Risk Warning Bar risk-warning-bar allows Reflected XSS.This issue affects Risk Warning Bar: from n/a through <= 1.0.
CVE-2024-49637	Foxskav Bet Wc 2018 Russia	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foxskav Bet WC 2018 Russia bet-wc-2018-russia allows Reflected XSS.This issue affects Bet WC 2018 Russia: from n/a through <= 2.1.
CVE-2024-49636	Prashantmavinkurve Agile Video Player Lite	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woracal Agile Video Player Lite agile-video-player allows Reflected XSS.This issue affects Agile Video Player Lite: from n/a through <= 1.0.
CVE-2024-49635	Manzurulhaque Banner Slider	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in manjurul.cis Banner Slider banner-slider allows Reflected XSS.This issue affects Banner Slider: from n/a through <= 2.1.
CVE-2024-49664	Chatplus Chatplusjp	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chatplusjp chatplusjp chatplusjp allows Reflected XSS.This issue affects chatplusjp: from n/a through <= 1.02.
CVE-2024-49663	Elenazhyvohliad Ucat	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elenkadark uCAT – Next Story ucat-next-story allows Reflected XSS.This issue affects uCAT – Next Story: from n/a through <= 2.0.0.

CVE-2024-51763HigNov 9, 2024
WordPress
Team Showcase Ultimate
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biplob018 Team Showcase and Slider – Team Members Builder team-showcase-ultimate allows Reflected XSS.This issue affects Team Showcase and Slider – Team Members Builder: from n/a through <= 1.3.
CVE-2024-51762HigNov 9, 2024
WordPress
Propertyshift
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Gipple PropertyShift propertyshift allows Reflected XSS.This issue affects PropertyShift: from n/a through <= 1.0.0.
CVE-2024-10676HigNov 9, 2024
WordPress
Conversion Helper
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wojciechborowicz Conversion Helper conversion-helper allows Reflected XSS.This issue affects Conversion Helper: from n/a through <= 1.12.
CVE-2024-51784HigNov 9, 2024
WordPress
Friendstore For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VietFriend team FriendStore for WooCommerce friendstore-for-woocommerce allows Reflected XSS.This issue affects FriendStore for WooCommerce: from n/a through <= 1.4.2.
CVE-2024-51783HigNov 9, 2024
WordPress
Forms 3rdparty Post Again
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zaus Forms: 3rd-Party Post Again forms-3rdparty-post-again allows Reflected XSS.This issue affects Forms: 3rd-Party Post Again: from n/a through <= 0.3.
CVE-2024-51782HigNov 9, 2024
WordPress
Loginplus
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sanjay Prasad Loginplus loginplus allows Stored XSS.This issue affects Loginplus: from n/a through <= 1.2.
CVE-2024-51989HigNov 7, 2024
Pglombardo
Passwordpusher
risk 0.46cvss 7.1epss 0.00
Password Pusher is an open source application to communicate sensitive information over the web. A cross-site scripting (XSS) vulnerability was identified in the PasswordPusher application, affecting versions `v1.41.1` through and including `v.1.48.0`. The issue arises from an un-sanitized parameter which could allow attackers to inject malicious JavaScript into the application. Users who self-host and have the login system enabled are affected. Exploitation of this vulnerability could expose user data, access to user sessions or take unintended actions on behalf of users. To exploit this vulnerability, an attacker would need to convince a user to click a malicious account confirmation link. It is highly recommended to update to version `v1.48.1` or later to mitigate this risk. There are no known workarounds for this vulnerability. ### Solution Update to version `v1.48.1` or later where input sanitization has been applied to the account confirmation process. If updating is not immediately possible,
CVE-2024-49634HigOct 29, 2024
Rimonhabib
Bp Member Type Manager
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rimon Habib BP Member Type Manager bp-member-type-manager allows Reflected XSS.This issue affects BP Member Type Manager: from n/a through <= 1.01.
CVE-2024-49632HigOct 29, 2024
Coralwebdesign
Cwd 3d Image Gallery
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Senthil Vel CWD 3D Image Gallery cwd-3d-image-gallery allows Reflection Injection.This issue affects CWD 3D Image Gallery: from n/a through <= 1.0.
CVE-2024-49645HigOct 29, 2024
Soft Master
Affiliate Platform
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ilias Gomatos Affiliate Platform smdp-affiliate-platform allows Reflected XSS.This issue affects Affiliate Platform: from n/a through <= 1.4.8.
CVE-2024-49643HigOct 29, 2024
Abdullahirfan
Whitelist
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fifthsegment Whitelist fifthsegment-whitelist allows Reflected XSS.This issue affects Whitelist: from n/a through <= 3.5.
CVE-2024-49641HigOct 29, 2024
Tidaweb
Tida URL Screenshot
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tidaweb Tida URL Screenshot tida-url-screenshot allows Reflected XSS.This issue affects Tida URL Screenshot: from n/a through <= 1.0.1.
CVE-2024-49640HigOct 29, 2024
Amadercode
Acl Floating Cart For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AmaderCode Lab ACL Floating Cart for WooCommerce acl-floating-cart-for-woocommerce allows Reflected XSS.This issue affects ACL Floating Cart for WooCommerce: from n/a through <= 0.9.
CVE-2024-49639HigOct 29, 2024
Edwardstoever
Monitor.chat
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Edward Stoever Monitor.chat monitor-chat allows Reflected XSS.This issue affects Monitor.chat: from n/a through <= 1.1.1.
CVE-2024-49638HigOct 29, 2024
Aliazlan
Risk Warning Bar
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ventureharbour Risk Warning Bar risk-warning-bar allows Reflected XSS.This issue affects Risk Warning Bar: from n/a through <= 1.0.
CVE-2024-49637HigOct 29, 2024
Foxskav
Bet Wc 2018 Russia
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foxskav Bet WC 2018 Russia bet-wc-2018-russia allows Reflected XSS.This issue affects Bet WC 2018 Russia: from n/a through <= 2.1.
CVE-2024-49636HigOct 29, 2024
Prashantmavinkurve
Agile Video Player Lite
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woracal Agile Video Player Lite agile-video-player allows Reflected XSS.This issue affects Agile Video Player Lite: from n/a through <= 1.0.
CVE-2024-49635HigOct 29, 2024
Manzurulhaque
Banner Slider
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in manjurul.cis Banner Slider banner-slider allows Reflected XSS.This issue affects Banner Slider: from n/a through <= 2.1.
CVE-2024-49664HigOct 29, 2024
Chatplus
Chatplusjp
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chatplusjp chatplusjp chatplusjp allows Reflected XSS.This issue affects chatplusjp: from n/a through <= 1.02.
CVE-2024-49663HigOct 29, 2024
Elenazhyvohliad
Ucat
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elenkadark uCAT – Next Story ucat-next-story allows Reflected XSS.This issue affects uCAT – Next Story: from n/a through <= 2.0.0.