CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,966 vulnerabilities with CWE-79
CVE-2026-0580 LOW
SourceCodester API Key Manager App 1.0 - Cross-Site Scripting in Import Key Handler
CVSS 3.5
CVE-2026-21483 MEDIUM
listmonk < 6.0.0 - Stored Cross-Site Scripting via Campaign or Template Injection
CVSS 5.4
CVE-2026-21451 HIGH
Bagisto < 2.3.10 - Stored Cross-Site Scripting via CMS Page Editor
CVSS 8.4
CVE-2026-21432 MEDIUM
emlog 2.5.23 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2026-21431 MEDIUM
emlog 2.5.23 - Stored Cross-Site Scripting in Resource Media Library
CVSS 5.4
CVE-2026-21430 CRITICAL
Emlog 2.5.23 - Cross-Site Request Forgery in Article Creation
CVSS 9.3
CVE-2025-68075 MEDIUM
WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2025-68074 MEDIUM
WordPress Image Carousel plugin <= 1.0.0.41 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2025-33128 MEDIUM
IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities HTML / XSS Injection observed
CVSS 5.4
CVE-2025-69140 HIGH
WordPress SweetDate Core plugin < 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2025-68524 HIGH
WordPress Avante theme < 3.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2025-69151 HIGH
WordPress Grand Car Rental theme <= 3.7 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2025-69104 HIGH
WordPress Qreatix theme <= 1.9.4 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2025-59560 HIGH
WordPress Sonaar theme <= 4.27.4 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2025-31013 HIGH
WordPress Themify Folo theme <= 1.9.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2025-68872 HIGH
WordPress Eli's WordCents adSense Widget with Analytics plugin <= 1.3.03.27 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2025-68851 HIGH
WordPress Okay Toolkit plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2025-68840 HIGH
WordPress iRobots.txt SEO plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2025-15659 MEDIUM
WordPress Elizaibots plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2025-15658 MEDIUM
WordPress WP Emmet plugin <= 0.3.4 - Cross Site Scripting (XSS) vulnerability
CVSS 5.9
CVE-2025-8444 MEDIUM
Animation Addons For Elementor < 2.6.7 - XSS
CVSS 6.4
CVE-2025-65640 MEDIUM
Arket Globe Document Intelligence 5.0.0.559 - Authenticated Stored Cross-Site Scripting in Task in Progress Page
CVSS 6.3
CVE-2025-67448 HIGH
Neterbit NW-431F Router 20241014-IR03 and before - Stored Cross-Site Scripting in SMS Module
CVSS 7.1
CVE-2025-14773 HIGH
Stored Cross-Site Scripting in ABB T-MAC Plus web application
CVSS 8.0
CVE-2025-15654 HIGH
WordPress Prague plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
Details
Vulnerabilities 44,966
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits