CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,329)

page 109 of 967

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2024-49662	Webgensis Simple Load More	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webgensis Simple Load More simple-load-more allows Reflected XSS.This issue affects Simple Load More: from n/a through <= 1.0.
CVE-2024-49661	Leenk Leenk.me	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lew Ayotte leenk.me leenkme allows Reflected XSS.This issue affects leenk.me: from n/a through <= 2.16.0.
CVE-2024-49660	Campusexplorer Widget	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CampusExplorer Campus Explorer Widget campus-explorer-widget allows Reflected XSS.This issue affects Campus Explorer Widget: from n/a through <= 1.4.
CVE-2024-49656	Abdullahirfan Documentpress	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fifthsegment DocumentPress documentpress-display-any-document-on-your-site allows Reflected XSS.This issue affects DocumentPress: from n/a through <= 2.1.
CVE-2024-49654	Marianheddesheimer Extra Privacy For Elementor	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marian Heddesheimer Extra Privacy for Elementor extra-privacy-for-elementor allows Reflected XSS.This issue affects Extra Privacy for Elementor: from n/a through <= 0.1.3.
CVE-2024-49651	Mattroyal Woocommerce Maintenance Mode	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Royal WooCommerce Maintenance Mode woocommerce-maintenance-mode allows Reflected XSS.This issue affects WooCommerce Maintenance Mode: from n/a through <= 2.0.1.
CVE-2024-49650	WordPress Bp Greeting Message	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xarbo BuddyPress Greeting Message bp-greeting-message allows Reflected XSS.This issue affects BuddyPress Greeting Message: from n/a through <= 1.0.3.
CVE-2024-49648	WordPress Svg Captcha	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rafasashi SVG Captcha svg-captcha allows Reflected XSS.This issue affects SVG Captcha: from n/a through <= 1.0.11.
CVE-2024-49647	WordPress Simple Custom Admin	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Carl Alberto Simple Custom Admin simple-custom-admin allows Reflected XSS.This issue affects Simple Custom Admin: from n/a through <= 1.2.
CVE-2024-49646	WordPress Code Generator	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ioannup Code Generate code-generator allows Reflected XSS.This issue affects Code Generate: from n/a through <= 1.0.
CVE-2024-50407	Kibokolabs Namaste\! Lms	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Namaste! LMS namaste-lms allows Reflected XSS.This issue affects Namaste! LMS: from n/a through <= 2.6.2.
CVE-2024-49678	WordPress Js Paper	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jinwen js allows Reflected XSS.This issue affects js paper: from n/a through 2.5.7.
CVE-2024-49673	Latex2html Latex2html	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Van Abel LaTeX2HTML latex2html allows Reflected XSS.This issue affects LaTeX2HTML: from n/a through <= 2.5.4.
CVE-2024-49670	Samglover Client Power Tools	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sam Glover Client Power Tools Portal client-power-tools allows Reflected XSS.This issue affects Client Power Tools Portal: from n/a through <= 1.9.0.
CVE-2024-49642	Rafasashi Todo Custom Field	Hig	0.46	7.1	Oct 29, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rafasashi Todo Custom Field todo-custom-field allows Reflected XSS.This issue affects Todo Custom Field: from n/a through <= 3.0.4.
CVE-2024-50448	Yithemes Yith Woocommerce Product Add Ons	Hig	0.46	7.1	Oct 28, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through <= 4.14.1.
CVE-2024-50438	Church Admin Project Church Admin	Hig	0.46	7.1	Oct 28, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin allows Reflected XSS.This issue affects Church Admin: from n/a through < 5.0.0.
CVE-2024-44061	Wpfactory Eu\/uk Vat Manager For Woocommerce	Hig	0.46	7.1	Oct 20, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory EU/UK VAT Manager for WooCommerce eu-vat-for-woocommerce.This issue affects EU/UK VAT Manager for WooCommerce: from n/a through <= 2.12.14.
CVE-2024-49606	Dotsquares Google Map Locations	Hig	0.46	7.1	Oct 20, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DotsquaresLtd Google Map Locations google-map-locations allows Reflected XSS.This issue affects Google Map Locations: from n/a through <= 1.0.
CVE-2024-49334	Unizoewebsolutions Jlayer Parallax Slider	Hig	0.46	7.1	Oct 20, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unizoe Web Solutions jLayer Parallax Slider jlayer-parallax-slider-wp allows Reflected XSS.This issue affects jLayer Parallax Slider: from n/a through <= 1.0.

CVE-2024-49662HigOct 29, 2024
Webgensis
Simple Load More
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webgensis Simple Load More simple-load-more allows Reflected XSS.This issue affects Simple Load More: from n/a through <= 1.0.
CVE-2024-49661HigOct 29, 2024
Leenk
Leenk.me
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lew Ayotte leenk.me leenkme allows Reflected XSS.This issue affects leenk.me: from n/a through <= 2.16.0.
CVE-2024-49660HigOct 29, 2024
Campusexplorer
Widget
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CampusExplorer Campus Explorer Widget campus-explorer-widget allows Reflected XSS.This issue affects Campus Explorer Widget: from n/a through <= 1.4.
CVE-2024-49656HigOct 29, 2024
Abdullahirfan
Documentpress
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fifthsegment DocumentPress documentpress-display-any-document-on-your-site allows Reflected XSS.This issue affects DocumentPress: from n/a through <= 2.1.
CVE-2024-49654HigOct 29, 2024
Marianheddesheimer
Extra Privacy For Elementor
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marian Heddesheimer Extra Privacy for Elementor extra-privacy-for-elementor allows Reflected XSS.This issue affects Extra Privacy for Elementor: from n/a through <= 0.1.3.
CVE-2024-49651HigOct 29, 2024
Mattroyal
Woocommerce Maintenance Mode
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Royal WooCommerce Maintenance Mode woocommerce-maintenance-mode allows Reflected XSS.This issue affects WooCommerce Maintenance Mode: from n/a through <= 2.0.1.
CVE-2024-49650HigOct 29, 2024
WordPress
Bp Greeting Message
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xarbo BuddyPress Greeting Message bp-greeting-message allows Reflected XSS.This issue affects BuddyPress Greeting Message: from n/a through <= 1.0.3.
CVE-2024-49648HigOct 29, 2024
WordPress
Svg Captcha
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rafasashi SVG Captcha svg-captcha allows Reflected XSS.This issue affects SVG Captcha: from n/a through <= 1.0.11.
CVE-2024-49647HigOct 29, 2024
WordPress
Simple Custom Admin
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Carl Alberto Simple Custom Admin simple-custom-admin allows Reflected XSS.This issue affects Simple Custom Admin: from n/a through <= 1.2.
CVE-2024-49646HigOct 29, 2024
WordPress
Code Generator
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ioannup Code Generate code-generator allows Reflected XSS.This issue affects Code Generate: from n/a through <= 1.0.
CVE-2024-50407HigOct 29, 2024
Kibokolabs
Namaste\! Lms
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Namaste! LMS namaste-lms allows Reflected XSS.This issue affects Namaste! LMS: from n/a through <= 2.6.2.
CVE-2024-49678HigOct 29, 2024
WordPress
Js Paper
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jinwen js allows Reflected XSS.This issue affects js paper: from n/a through 2.5.7.
CVE-2024-49673HigOct 29, 2024
Latex2html
Latex2html
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Van Abel LaTeX2HTML latex2html allows Reflected XSS.This issue affects LaTeX2HTML: from n/a through <= 2.5.4.
CVE-2024-49670HigOct 29, 2024
Samglover
Client Power Tools
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sam Glover Client Power Tools Portal client-power-tools allows Reflected XSS.This issue affects Client Power Tools Portal: from n/a through <= 1.9.0.
CVE-2024-49642HigOct 29, 2024
Rafasashi
Todo Custom Field
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rafasashi Todo Custom Field todo-custom-field allows Reflected XSS.This issue affects Todo Custom Field: from n/a through <= 3.0.4.
CVE-2024-50448HigOct 28, 2024
Yithemes
Yith Woocommerce Product Add Ons
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through <= 4.14.1.
CVE-2024-50438HigOct 28, 2024
Church Admin Project
Church Admin
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin allows Reflected XSS.This issue affects Church Admin: from n/a through < 5.0.0.
CVE-2024-44061HigOct 20, 2024
Wpfactory
Eu\/uk Vat Manager For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory EU/UK VAT Manager for WooCommerce eu-vat-for-woocommerce.This issue affects EU/UK VAT Manager for WooCommerce: from n/a through <= 2.12.14.
CVE-2024-49606HigOct 20, 2024
Dotsquares
Google Map Locations
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DotsquaresLtd Google Map Locations google-map-locations allows Reflected XSS.This issue affects Google Map Locations: from n/a through <= 1.0.
CVE-2024-49334HigOct 20, 2024
Unizoewebsolutions
Jlayer Parallax Slider
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unizoe Web Solutions jLayer Parallax Slider jlayer-parallax-slider-wp allows Reflected XSS.This issue affects jLayer Parallax Slider: from n/a through <= 1.0.