CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,968 vulnerabilities with CWE-79
CVE-2025-68538 HIGH
ThemeGoods Craft <= 2.3.6 - DOM-Based Cross-Site Scripting
CVSS 7.1
CVE-2025-68520 HIGH
DotLife < 4.9.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-68518 HIGH
ThemeGoods Hoteller < 6.8.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-68041 HIGH
codisto Omnichannel for WooCommerce - XSS
CVSS 7.1
CVE-2025-68012 HIGH
CodeColorer <= 0.10.1 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-68011 HIGH
GLS Shipping for WooCommerce <=1.4.0 - XSS
CVSS 7.1
CVE-2025-68010 HIGH
Netgsm <= 2.9.63 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-68008 HIGH
WP Mail <= 1.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-68004 HIGH
Kapil Chugh My Post Order <= 1.2.1.1 - XSS
CVSS 7.1
CVE-2025-67964 HIGH
Homey Core <= 2.4.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-67960 HIGH
purethemes WorkScout-Core <= 1.7.06 - XSS
CVSS 7.1
CVE-2025-67959 HIGH
purethemes WorkScout <= 4.1.07 - XSS
CVSS 7.1
CVE-2025-67952 HIGH
ThemeGoods Grand Tour < 5.6.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-67949 HIGH
Hostiko < 94.3.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-67947 HIGH
scriptsbundle AdForest Elementor <3.0.11 - XSS
CVSS 7.1
CVE-2025-67943 HIGH
wphocus My auctions allegro <3.6.32 - XSS
CVSS 7.1
CVE-2025-67923 HIGH
Crocoblock JetEngine <= 3.7.7 - XSS
CVSS 7.1
CVE-2025-67620 HIGH
CleverSoft Anon <= 2.2.10 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-67614 HIGH
TheNa <= 1.5.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-63026 MEDIUM
ThemeGoods Grand Restaurant Theme Elements - XSS
CVSS 6.5
CVE-2025-62077 MEDIUM
SEOSEON EUROPE S.L Affiliate Link Tracker <0.3 - XSS
CVSS 5.9
CVE-2025-53240 HIGH
adamlabs WordPress Photo Gallery <1.1.0 - XSS
CVSS 7.1
CVE-2025-52762 HIGH
flexostudio flexo-posts-manager - XSS
CVSS 7.1
CVE-2025-52746 HIGH
Restaurante <= 3.0.7 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-50006 HIGH
Jthemes xSmart <= 1.2.9.4 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities 44,968
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits