CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,329)

page 112 of 967

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-47369	Wpwebinfotech Social Auto Poster	Hig	0.46	7.1	0.00	Oct 5, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpweb Social Auto Poster social-auto-poster allows Reflected XSS.This issue affects Social Auto Poster: from n/a through <= 5.3.15.
CVE-2024-47624	WordPress Bsk Gravityforms Blacklist	Hig	0.46	7.1	0.00	Oct 5, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bannersky BSK Forms Blacklist bsk-gravityforms-blacklist allows Reflected XSS.This issue affects BSK Forms Blacklist: from n/a through <= 3.8.1.
CVE-2024-47395	WordPress Robokassa	Hig	0.46	7.1	0.00	Oct 5, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robokassa Robokassa payment gateway for Woocommerce robokassa allows Reflected XSS.This issue affects Robokassa payment gateway for Woocommerce: from n/a through <= 1.6.1.
CVE-2024-47394	WordPress Wp Jobsearch	Hig	0.46	7.1	0.00	Oct 5, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through <= 2.5.9.
CVE-2024-47389	Basixonline Nex Forms	Hig	0.46	7.1	0.00	Oct 5, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through <= 8.7.3.
CVE-2024-47388	WordPress Slicewp	Hig	0.46	7.1	0.00	Oct 5, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.mihai SliceWP slicewp allows Reflected XSS.This issue affects SliceWP: from n/a through <= 1.1.18.
CVE-2024-47386	WordPress Wpextended	Hig	0.46	7.1	0.00	Oct 5, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended wpextended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through <= 3.0.8.
CVE-2024-47384	Wpcompress Wp Compress	Hig	0.46	7.1	0.00	Oct 5, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Reflected XSS.This issue affects WP Compress: from n/a through <= 6.20.13.
CVE-2024-47380	WordPress Wp Lister For Ebay	Hig	0.46	7.1	0.00	Oct 5, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.6.3.
CVE-2024-47379	WordPress Web Directory Free	Hig	0.46	7.1	0.00	Oct 5, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free web-directory-free allows Reflected XSS.This issue affects Web Directory Free: from n/a through <= 1.7.3.
CVE-2024-47378	Wpcom Wpcom Member	Hig	0.46	7.1	0.00	Oct 5, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lomu WPCOM Member wpcom-member allows Reflected XSS.This issue affects WPCOM Member: from n/a through <= 1.5.4.
CVE-2024-47644	WordPress Copyscape Premium	Hig	0.46	7.1	0.00	Oct 5, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Copyscape Copyscape Premium copyscape-premium allows Stored XSS.This issue affects Copyscape Premium: from n/a through <= 1.3.9.
CVE-2024-47638	Vcita Online Booking \& Scheduling Calendar	Hig	0.46	7.1	0.00	Oct 5, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Reflected XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <= 4.4.6.
CVE-2024-43959	WordPress Super Testimonial	Hig	0.46	7.1	0.01	Sep 25, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Testimonials super-testimonial allows Reflected XSS.This issue affects Testimonials: from n/a through <= 4.0.1.
CVE-2024-44003	Spicethemes Spice Starter Sites	Hig	0.46	7.1	0.00	Sep 18, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spicethemes Spice Starter Sites spice-starter-sites allows Reflected XSS.This issue affects Spice Starter Sites: from n/a through <= 1.2.5.
CVE-2024-44002	Pickplugins Team Showcase	Hig	0.46	7.1	0.01	Sep 18, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Team Showcase team allows Reflected XSS.This issue affects Team Showcase: from n/a through <= 1.22.25.
CVE-2024-43975	Superstorefinder Super Store Finder	Hig	0.46	7.1	0.00	Sep 18, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from n/a through <= 6.9.7.
CVE-2024-44064	Likebtn Like Button Rating	Hig	0.46	7.1	0.00	Sep 17, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LikeBtn Like Button Rating likebtn-like-button.This issue affects Like Button Rating: from n/a through <= 2.6.53.
CVE-2024-44009	Wclovers Wcfm Marketplace	Hig	0.46	7.1	0.01	Sep 17, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Reflected XSS.This issue affects WCFM Marketplace: from n/a through <= 3.6.11.
CVE-2024-44007	Sktthemes Skt Templates	Hig	0.46	7.1	0.00	Sep 17, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Templates – Elementor & Gutenberg templates skt-templates allows Reflected XSS.This issue affects SKT Templates – Elementor & Gutenberg templates: from n/a through <= 6.14.

CVE-2024-47369HigOct 5, 2024
Wpwebinfotech
Social Auto Poster
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpweb Social Auto Poster social-auto-poster allows Reflected XSS.This issue affects Social Auto Poster: from n/a through <= 5.3.15.
CVE-2024-47624HigOct 5, 2024
WordPress
Bsk Gravityforms Blacklist
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bannersky BSK Forms Blacklist bsk-gravityforms-blacklist allows Reflected XSS.This issue affects BSK Forms Blacklist: from n/a through <= 3.8.1.
CVE-2024-47395HigOct 5, 2024
WordPress
Robokassa
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robokassa Robokassa payment gateway for Woocommerce robokassa allows Reflected XSS.This issue affects Robokassa payment gateway for Woocommerce: from n/a through <= 1.6.1.
CVE-2024-47394HigOct 5, 2024
WordPress
Wp Jobsearch
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through <= 2.5.9.
CVE-2024-47389HigOct 5, 2024
Basixonline
Nex Forms
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through <= 8.7.3.
CVE-2024-47388HigOct 5, 2024
WordPress
Slicewp
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.mihai SliceWP slicewp allows Reflected XSS.This issue affects SliceWP: from n/a through <= 1.1.18.
CVE-2024-47386HigOct 5, 2024
WordPress
Wpextended
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended wpextended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through <= 3.0.8.
CVE-2024-47384HigOct 5, 2024
Wpcompress
Wp Compress
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Reflected XSS.This issue affects WP Compress: from n/a through <= 6.20.13.
CVE-2024-47380HigOct 5, 2024
WordPress
Wp Lister For Ebay
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.6.3.
CVE-2024-47379HigOct 5, 2024
WordPress
Web Directory Free
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free web-directory-free allows Reflected XSS.This issue affects Web Directory Free: from n/a through <= 1.7.3.
CVE-2024-47378HigOct 5, 2024
Wpcom
Wpcom Member
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lomu WPCOM Member wpcom-member allows Reflected XSS.This issue affects WPCOM Member: from n/a through <= 1.5.4.
CVE-2024-47644HigOct 5, 2024
WordPress
Copyscape Premium
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Copyscape Copyscape Premium copyscape-premium allows Stored XSS.This issue affects Copyscape Premium: from n/a through <= 1.3.9.
CVE-2024-47638HigOct 5, 2024
Vcita
Online Booking \& Scheduling Calendar
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Reflected XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <= 4.4.6.
CVE-2024-43959HigSep 25, 2024
WordPress
Super Testimonial
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Testimonials super-testimonial allows Reflected XSS.This issue affects Testimonials: from n/a through <= 4.0.1.
CVE-2024-44003HigSep 18, 2024
Spicethemes
Spice Starter Sites
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spicethemes Spice Starter Sites spice-starter-sites allows Reflected XSS.This issue affects Spice Starter Sites: from n/a through <= 1.2.5.
CVE-2024-44002HigSep 18, 2024
Pickplugins
Team Showcase
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Team Showcase team allows Reflected XSS.This issue affects Team Showcase: from n/a through <= 1.22.25.
CVE-2024-43975HigSep 18, 2024
Superstorefinder
Super Store Finder
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from n/a through <= 6.9.7.
CVE-2024-44064HigSep 17, 2024
Likebtn
Like Button Rating
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LikeBtn Like Button Rating likebtn-like-button.This issue affects Like Button Rating: from n/a through <= 2.6.53.
CVE-2024-44009HigSep 17, 2024
Wclovers
Wcfm Marketplace
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Reflected XSS.This issue affects WCFM Marketplace: from n/a through <= 3.6.11.
CVE-2024-44007HigSep 17, 2024
Sktthemes
Skt Templates
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Templates – Elementor & Gutenberg templates skt-templates allows Reflected XSS.This issue affects SKT Templates – Elementor & Gutenberg templates: from n/a through <= 6.14.