CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,966 vulnerabilities with CWE-79
CVE-2025-68846 HIGH
Asynchronous Javascript <=1.3.5 - XSS
CVSS 7.1
CVE-2025-68845 HIGH
eDS Responsive Menu <= 1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-68844 HIGH
DaleAB Membee Login <= 2.3.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-68843 HIGH
FeedWordPress Advanced Filters <=0.6.2 - XSS
CVSS 7.1
CVE-2025-68842 HIGH
Widget Logic Visual <= 1.52 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-68501 HIGH
Mollie Payments for WooCommerce <=8.1.1 - XSS
CVSS 7.1
CVE-2025-68495 HIGH
Crocoblock JetEngine <= 3.8.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-68037 HIGH
Export Media URLs <= 2.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-68031 HIGH
farazsms <=2.7.3 - XSS
CVSS 7.1
CVE-2025-67991 HIGH
User Extra Fields <= 16.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-67990 HIGH
GMap Targeting <= 1.1.7 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-67984 HIGH
NPS computy <= 2.8.2 - DOM-Based Cross-Site Scripting
CVSS 7.1
CVE-2025-67978 HIGH
FixBD Educare <= 1.6.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-67971 HIGH
FluentCart < 1.3.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-67438 MEDIUM
Sync-in Server < 1.9.3 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2025-60183 MEDIUM
Silencesoft RSS Reader <= 0.6 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-53237 HIGH
Soflyy WP Wizard Cloak <= 1.0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-53233 HIGH
RylanH Storyform <= 0.6.14 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-53231 HIGH
Easy Taxonomy Images <= 1.0.1 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-53228 HIGH
bbpress Simple Advert Units <=0.41 - XSS
CVSS 7.1
CVE-2025-9208 MEDIUM
OpenText Web Site Management Server 16.7.X-16.8.1 - XSS
CVSS 5.4
CVE-2025-13672 MEDIUM
OpenText Web Site Management 16.7.0-16.7.1 - XSS
CVSS 5.4
CVE-2025-71241 MEDIUM
SPIP 4.1.0-4.1.19 - Cross-Site Scripting in Private Area Error Message
CVSS 6.1
CVE-2025-71240 MEDIUM
SPIP 4.2.0-4.2.14 - Cross-Site Scripting via HTML Code Tags
CVSS 5.4
CVE-2025-15562 MEDIUM
Worktime < 11.8.8 - Reflected Cross-Site Scripting via /report/internet/urls Endpoint
CVSS 6.1
Details
Vulnerabilities 44,966
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits