CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,329)

page 111 of 967

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2024-44029	WordPress Viala	Hig	0.46	7.1	Oct 6, 2024	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in David Garlitz viala allows Reflected XSS.This issue affects viala: from n/a through 1.3.1.
CVE-2024-47322	WordPress Wp Timelines	Hig	0.46	7.1	Oct 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin wp-timelines allows Reflected XSS.This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through <= 3.6.7.
CVE-2024-47320	WordPress Ws Form	Hig	0.46	7.1	Oct 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Westguard WS Form LITE ws-form allows Stored XSS.This issue affects WS Form LITE: from n/a through <= 1.9.238.
CVE-2024-47306	WordPress Secure Copy Content Protection Subscribe To View	Hig	0.46	7.1	Oct 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection-subscribe-to-view allows Stored XSS.This issue affects Secure Copy Content Protection and Content Locking: from n/a through <= 4.2.3.
CVE-2024-47301	WordPress Bit Form	Hig	0.46	7.1	Oct 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Apps Bit Form bit-form allows Stored XSS.This issue affects Bit Form: from n/a through <= 2.13.10.
CVE-2024-47300	WordPress Cubewp Forms	Hig	0.46	7.1	Oct 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Tauqeer CubeWP Forms cubewp-forms allows Stored XSS.This issue affects CubeWP Forms: from n/a through <= 1.1.1.
CVE-2024-47297	WordPress Polls Cp	Hig	0.46	7.1	Oct 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Polls cp-polls allows Reflected XSS.This issue affects CP Polls: from n/a through <= 1.0.74.
CVE-2024-45454	Unlimited Elements Unlimited Elements For Elementor	Hig	0.46	7.1	Oct 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor allows Reflected XSS.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through <= 1.5.121.
CVE-2024-47352	Xylusthemes Wp Bulk Delete	Hig	0.46	7.1	Oct 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WP Bulk Delete wp-bulk-delete allows Stored XSS.This issue affects WP Bulk Delete: from n/a through <= 1.3.1.
CVE-2024-47349	WordPress Wpappninja	Hig	0.46	7.1	Oct 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amauri WPMobile.App wpappninja.This issue affects WPMobile.App: from n/a through <= 11.50.
CVE-2024-47348	WordPress Yellow Pencil Visual Theme Customizer	Hig	0.46	7.1	Oct 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YellowPencil YellowPencil Visual CSS Style Editor yellow-pencil-visual-theme-customizer allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through <= 7.6.4.
CVE-2024-47347	WordPress Chart Builder	Hig	0.46	7.1	Oct 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Chartify chart-builder allows Reflected XSS.This issue affects Chartify: from n/a through <= 2.7.6.
CVE-2024-47346	WordPress Newsletters Lite	Hig	0.46	7.1	Oct 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Newsletters newsletters-lite allows Reflected XSS.This issue affects Newsletters: from n/a through <= 4.9.9.1.
CVE-2024-47341	WordPress Wp Downloadmanager	Hig	0.46	7.1	Oct 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lester Chan WP-DownloadManager wp-downloadmanager allows Reflected XSS.This issue affects WP-DownloadManager: from n/a through <= 1.68.8.
CVE-2024-47339	WordPress Wp Mail Catcher	Hig	0.46	7.1	Oct 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JWardee WP Mail Catcher wp-mail-catcher allows Reflected XSS.This issue affects WP Mail Catcher: from n/a through <= 2.1.9.
CVE-2024-47333	WordPress Tangible Loops And Logic	Hig	0.46	7.1	Oct 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Reflected XSS.This issue affects Loops & Logic: from n/a through <= 4.1.4.
CVE-2024-47327	WordPress Geo My Wp	Hig	0.46	7.1	Oct 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eyal Fitoussi GEO my WordPress geo-my-wp allows Reflected XSS.This issue affects GEO my WordPress: from n/a through <= 4.5.0.3.
CVE-2024-47326	WordPress Share This Image	Hig	0.46	7.1	Oct 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ILLID Share This Image share-this-image allows Reflected XSS.This issue affects Share This Image: from n/a through <= 2.01.
CVE-2024-47367	WordPress Yith Woocommerce Product Add Ons	Hig	0.46	7.1	Oct 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons allows Reflected XSS.This issue affects YITH WooCommerce Product Add-Ons: from n/a through <= 4.13.0.
CVE-2024-47360	Ba Booking Ba Book Everything	Hig	0.46	7.1	Oct 6, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bookingalgorithms BA Book Everything ba-book-everything.This issue affects BA Book Everything: from n/a through <= 1.6.20.

CVE-2024-44029HigOct 6, 2024
WordPress
Viala
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in David Garlitz viala allows Reflected XSS.This issue affects viala: from n/a through 1.3.1.
CVE-2024-47322HigOct 6, 2024
WordPress
Wp Timelines
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin wp-timelines allows Reflected XSS.This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through <= 3.6.7.
CVE-2024-47320HigOct 6, 2024
WordPress
Ws Form
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Westguard WS Form LITE ws-form allows Stored XSS.This issue affects WS Form LITE: from n/a through <= 1.9.238.
CVE-2024-47306HigOct 6, 2024
WordPress
Secure Copy Content Protection Subscribe To View
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection-subscribe-to-view allows Stored XSS.This issue affects Secure Copy Content Protection and Content Locking: from n/a through <= 4.2.3.
CVE-2024-47301HigOct 6, 2024
WordPress
Bit Form
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Apps Bit Form bit-form allows Stored XSS.This issue affects Bit Form: from n/a through <= 2.13.10.
CVE-2024-47300HigOct 6, 2024
WordPress
Cubewp Forms
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Tauqeer CubeWP Forms cubewp-forms allows Stored XSS.This issue affects CubeWP Forms: from n/a through <= 1.1.1.
CVE-2024-47297HigOct 6, 2024
WordPress
Polls Cp
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Polls cp-polls allows Reflected XSS.This issue affects CP Polls: from n/a through <= 1.0.74.
CVE-2024-45454HigOct 6, 2024
Unlimited Elements
Unlimited Elements For Elementor
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor allows Reflected XSS.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through <= 1.5.121.
CVE-2024-47352HigOct 6, 2024
Xylusthemes
Wp Bulk Delete
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WP Bulk Delete wp-bulk-delete allows Stored XSS.This issue affects WP Bulk Delete: from n/a through <= 1.3.1.
CVE-2024-47349HigOct 6, 2024
WordPress
Wpappninja
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amauri WPMobile.App wpappninja.This issue affects WPMobile.App: from n/a through <= 11.50.
CVE-2024-47348HigOct 6, 2024
WordPress
Yellow Pencil Visual Theme Customizer
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YellowPencil YellowPencil Visual CSS Style Editor yellow-pencil-visual-theme-customizer allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through <= 7.6.4.
CVE-2024-47347HigOct 6, 2024
WordPress
Chart Builder
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Chartify chart-builder allows Reflected XSS.This issue affects Chartify: from n/a through <= 2.7.6.
CVE-2024-47346HigOct 6, 2024
WordPress
Newsletters Lite
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Newsletters newsletters-lite allows Reflected XSS.This issue affects Newsletters: from n/a through <= 4.9.9.1.
CVE-2024-47341HigOct 6, 2024
WordPress
Wp Downloadmanager
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lester Chan WP-DownloadManager wp-downloadmanager allows Reflected XSS.This issue affects WP-DownloadManager: from n/a through <= 1.68.8.
CVE-2024-47339HigOct 6, 2024
WordPress
Wp Mail Catcher
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JWardee WP Mail Catcher wp-mail-catcher allows Reflected XSS.This issue affects WP Mail Catcher: from n/a through <= 2.1.9.
CVE-2024-47333HigOct 6, 2024
WordPress
Tangible Loops And Logic
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Reflected XSS.This issue affects Loops & Logic: from n/a through <= 4.1.4.
CVE-2024-47327HigOct 6, 2024
WordPress
Geo My Wp
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eyal Fitoussi GEO my WordPress geo-my-wp allows Reflected XSS.This issue affects GEO my WordPress: from n/a through <= 4.5.0.3.
CVE-2024-47326HigOct 6, 2024
WordPress
Share This Image
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ILLID Share This Image share-this-image allows Reflected XSS.This issue affects Share This Image: from n/a through <= 2.01.
CVE-2024-47367HigOct 6, 2024
WordPress
Yith Woocommerce Product Add Ons
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons allows Reflected XSS.This issue affects YITH WooCommerce Product Add-Ons: from n/a through <= 4.13.0.
CVE-2024-47360HigOct 6, 2024
Ba Booking
Ba Book Everything
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bookingalgorithms BA Book Everything ba-book-everything.This issue affects BA Book Everything: from n/a through <= 1.6.20.