CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,329)

page 113 of 967

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-45459	Pickplugins Product Slider For Woocommerce	Hig	0.46	7.1	0.00	Sep 15, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Reflected XSS.This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.50.
CVE-2024-45458	Spiffyplugins Spiffy Calendar	Hig	0.46	7.1	0.00	Sep 15, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through <= 4.9.13.
CVE-2024-43255	Stormhillmedia Mybook Table Bookstore	Hig	0.46	7.1	0.00	Aug 26, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore mybooktable.This issue affects MyBookTable Bookstore: from n/a through <= 3.3.9.
CVE-2024-43279	—	Hig	0.46	7.1	0.00	Aug 18, 2024	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.8.
CVE-2024-43246	WordPress Whmpress	Hig	0.46	7.1	0.00	Aug 18, 2024	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in creativeon WHMpress allows Reflected XSS.This issue affects WHMpress: from n/a through 6.2-revision-5.
CVE-2024-43244	WordPress Houzez	Hig	0.46	7.1	0.00	Aug 18, 2024	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS.This issue affects Houzez: from n/a through 3.2.4.
CVE-2024-43241	WordPress Indeed Membership Pro	Hig	0.46	7.1	0.00	Aug 18, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro.This issue affects Ultimate Membership Pro: from n/a through <= 12.7.
CVE-2024-43303	WordPress White Label Cms	Hig	0.46	7.1	0.00	Aug 18, 2024	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in videousermanuals.Com White Label CMS allows Reflected XSS.This issue affects White Label CMS: from n/a through 2.7.4.
CVE-2024-43313	Formfacade Formfacade	Hig	0.46	7.1	0.00	Aug 18, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in manidoraisamy FormFacade formfacade allows Reflected XSS.This issue affects FormFacade: from n/a through <= 1.3.2.
CVE-2024-43348	WordPress Purity Of Soul	Hig	0.46	7.1	0.00	Aug 18, 2024	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iznyn Purity Of Soul allows Reflected XSS.This issue affects Purity Of Soul: from n/a through 1.9.
CVE-2024-43238	Wedevs Wemail	Hig	0.46	7.1	0.00	Aug 18, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs weMail wemail allows DOM-Based XSS.This issue affects weMail: from n/a through <= 1.14.5.
CVE-2024-38724	WordPress Cf7 Summary And Print	Hig	0.46	7.1	0.00	Aug 13, 2024	Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Muhammad Rehman Contact Form 7 Summary and Print allows Stored XSS.This issue affects Contact Form 7 Summary and Print: from n/a through 1.2.5.
CVE-2024-43127	WordPress Export Woocommerce	Hig	0.46	7.1	0.00	Aug 12, 2024	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPFactory Products, Order & Customers Export for WooCommerce allows Reflected XSS.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through 2.0.11.
CVE-2024-43126	WordPress Sender Net Automated Emails	Hig	0.46	7.1	0.00	Aug 12, 2024	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce allows Reflected XSS.This issue affects Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce: from n/a through 2.6.14.
CVE-2024-43217	WordPress Kodex Posts Likes	Hig	0.46	7.1	0.00	Aug 12, 2024	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes allows Reflected XSS.This issue affects Kodex Posts likes: from n/a through 2.5.0.
CVE-2024-43213	WordPress Dc Woocommerce Multi Vendor	Hig	0.46	7.1	0.01	Aug 12, 2024	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MultiVendorX WC Marketplace allows Reflected XSS.This issue affects WC Marketplace: from n/a through 4.1.17.
CVE-2024-43163	WordPress Parcelpanel	Hig	0.46	7.1	0.00	Aug 12, 2024	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Parcel Panel ParcelPanel allows Reflected XSS.This issue affects ParcelPanel: from n/a through 4.3.2.
CVE-2024-43233	WordPress Bsk Gravityforms Blacklist	Hig	0.46	7.1	0.01	Aug 12, 2024	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS.This issue affects BSK Forms Blacklist: from n/a through 3.8.
CVE-2024-39647	Kofimokome Message Filter For Contact Form 7	Hig	0.46	7.1	0.00	Aug 1, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter.This issue affects Message Filter for Contact Form 7: from n/a through <= 1.6.1.1.
CVE-2024-39646	Kunalnagar Custom 404 Pro	Hig	0.46	7.1	0.04	Aug 1, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kunal Custom 404 Pro custom-404-pro.This issue affects Custom 404 Pro: from n/a through <= 3.11.1.

CVE-2024-45459HigSep 15, 2024
Pickplugins
Product Slider For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Reflected XSS.This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.50.
CVE-2024-45458HigSep 15, 2024
Spiffyplugins
Spiffy Calendar
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through <= 4.9.13.
CVE-2024-43255HigAug 26, 2024
Stormhillmedia
Mybook Table Bookstore
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore mybooktable.This issue affects MyBookTable Bookstore: from n/a through <= 3.3.9.
CVE-2024-43279HigAug 18, 2024
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.8.
CVE-2024-43246HigAug 18, 2024
WordPress
Whmpress
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in creativeon WHMpress allows Reflected XSS.This issue affects WHMpress: from n/a through 6.2-revision-5.
CVE-2024-43244HigAug 18, 2024
WordPress
Houzez
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS.This issue affects Houzez: from n/a through 3.2.4.
CVE-2024-43241HigAug 18, 2024
WordPress
Indeed Membership Pro
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro.This issue affects Ultimate Membership Pro: from n/a through <= 12.7.
CVE-2024-43303HigAug 18, 2024
WordPress
White Label Cms
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in videousermanuals.Com White Label CMS allows Reflected XSS.This issue affects White Label CMS: from n/a through 2.7.4.
CVE-2024-43313HigAug 18, 2024
Formfacade
Formfacade
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in manidoraisamy FormFacade formfacade allows Reflected XSS.This issue affects FormFacade: from n/a through <= 1.3.2.
CVE-2024-43348HigAug 18, 2024
WordPress
Purity Of Soul
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iznyn Purity Of Soul allows Reflected XSS.This issue affects Purity Of Soul: from n/a through 1.9.
CVE-2024-43238HigAug 18, 2024
Wedevs
Wemail
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs weMail wemail allows DOM-Based XSS.This issue affects weMail: from n/a through <= 1.14.5.
CVE-2024-38724HigAug 13, 2024
WordPress
Cf7 Summary And Print
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Muhammad Rehman Contact Form 7 Summary and Print allows Stored XSS.This issue affects Contact Form 7 Summary and Print: from n/a through 1.2.5.
CVE-2024-43127HigAug 12, 2024
WordPress
Export Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPFactory Products, Order & Customers Export for WooCommerce allows Reflected XSS.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through 2.0.11.
CVE-2024-43126HigAug 12, 2024
WordPress
Sender Net Automated Emails
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce allows Reflected XSS.This issue affects Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce: from n/a through 2.6.14.
CVE-2024-43217HigAug 12, 2024
WordPress
Kodex Posts Likes
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes allows Reflected XSS.This issue affects Kodex Posts likes: from n/a through 2.5.0.
CVE-2024-43213HigAug 12, 2024
WordPress
Dc Woocommerce Multi Vendor
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MultiVendorX WC Marketplace allows Reflected XSS.This issue affects WC Marketplace: from n/a through 4.1.17.
CVE-2024-43163HigAug 12, 2024
WordPress
Parcelpanel
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Parcel Panel ParcelPanel allows Reflected XSS.This issue affects ParcelPanel: from n/a through 4.3.2.
CVE-2024-43233HigAug 12, 2024
WordPress
Bsk Gravityforms Blacklist
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS.This issue affects BSK Forms Blacklist: from n/a through 3.8.
CVE-2024-39647HigAug 1, 2024
Kofimokome
Message Filter For Contact Form 7
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter.This issue affects Message Filter for Contact Form 7: from n/a through <= 1.6.1.1.
CVE-2024-39646HigAug 1, 2024
Kunalnagar
Custom 404 Pro
risk 0.46cvss 7.1epss 0.04
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kunal Custom 404 Pro custom-404-pro.This issue affects Custom 404 Pro: from n/a through <= 3.11.1.