CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,966 vulnerabilities with CWE-79
CVE-2025-52759 HIGH
WordPress Accordion FAQ plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2025-5085 MEDIUM
wp-nano-ad <= 1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting via blogrole_link Parameter
CVSS 5.5
CVE-2025-11262 HIGH
Link Whisper Free <= 0.9.0 - Unauthenticated Stored Cross-Site Scripting
CVSS 7.2
CVE-2025-14042 MEDIUM
Automotive Car Dealership Business WordPress Theme <= 13.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Portfolio Project Details
CVSS 6.4
CVE-2025-3633 MEDIUM
IBM Cognos Analytics is affected by multiple security vulnerabilities
CVSS 5.4
CVE-2025-52747 HIGH
WordPress Themebox - Digital Products Ecommerce theme <= 1.4.2 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2025-22741 HIGH
WordPress Felan Framework plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2025-13167 MEDIUM
Synology Contacts < 1.0.10-20659 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 5.4
CVE-2025-10466 MEDIUM
Synology Safe Access < 1.3.1-0329 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 5.9
CVE-2025-68709 MEDIUM
SailingLab AppLock 4.3.8 - Arbitrary JavaScript Execution via BrowserMainActivity
CVSS 5.2
CVE-2025-36148 MEDIUM
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms is vulnerable to cross-site scripting.
CVSS 5.4
CVE-2025-36126 MEDIUM
IBM Cognos Analytics is affected by multiple security vulnerabilities
CVSS 6.4
CVE-2025-62745 MEDIUM
WordPress Team Showcase plugin <= 1.22.28 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2025-40904 MEDIUM
HTML injection in Smart Polling in Guardian/CMC before 26.1.0
CVSS 6.5
CVE-2025-40903 MEDIUM
HTML injection in Schedule Restore Archive in Guardian/CMC before 26.1.0
CVSS 5.9
CVE-2025-40902 MEDIUM
HTML injection in Users in Guardian/CMC before 26.1.0
CVSS 5.9
CVE-2025-40901 MEDIUM
HTML injection in Credentials Manager in Guardian/CMC before 26.1.0
CVSS 5.9
CVE-2025-27852 MEDIUM
Garmin WDU v1 1.4.6 & v2 5.0 - Reflected XSS
CVSS 5.0
CVE-2025-14767 MEDIUM
WPC Badge Management for WooCommerce <= 3.1.6 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'text' Attribute
CVSS 5.5
CVE-2025-9989 MEDIUM
Broadstreet <= 1.53.1 - Authenticated (Admin+) Stored Cross-Site Scripting
CVSS 4.4
CVE-2025-70842 MEDIUM
FluentCMS 1.2.3 - Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2025-65417 MEDIUM
docuFORM Managed Print Service Client 11.11c - XSS
CVSS 6.1
CVE-2025-61314 HIGH
docuForm Mecury Managed Print Services 11.11c - Reflected Cross-Site Scripting in dfm-menu_orderopt.php
CVSS 7.3
CVE-2025-61313 HIGH
GmbH Mecury Managed Print Services 11.11c - XSS
CVSS 7.3
CVE-2025-61312 HIGH
GmbH Mecury Managed Print Services 11.11c - XSS
CVSS 7.3