CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,969 vulnerabilities with CWE-79
CVE-2025-9222 HIGH
GitLab 18.2.2-18.5.4, 18.6-18.6.2, 18.7-18.7.0 - Authenticated Stored Cross-Site Scripting via GitLab Flavored Markdown
CVSS 8.7
CVE-2025-13900 MEDIUM
WP Popup Magic <= 1.0.0 - Authenticated Stored Cross-Site Scripting via Shortcode Name Parameter
CVSS 6.4
CVE-2025-13895 MEDIUM
Top Position Google Finance <0.1.0 - XSS
CVSS 6.1
CVE-2025-13853 MEDIUM
Nearby Now Reviews <= 5.2 - Authenticated Stored Cross-Site Scripting via nn-tech Shortcode data_tech Parameter
CVSS 6.4
CVE-2025-13761 HIGH
GitLab 18.6-18.6.2 and 18.7-18.7.0 - Unauthenticated Stored Cross-Site Scripting
CVSS 8.0
CVE-2025-13729 MEDIUM
Entry Views < 1.0.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-14937 HIGH
Frontend Admin by DynamiApps <3.28.23 - XSS
CVSS 7.2
CVE-2025-15057 HIGH
SlimStat Analytics <= 5.3.3 - Unauthenticated Stored Cross-Site Scripting via Fingerprint Parameter
CVSS 7.2
CVE-2025-15055 HIGH
SlimStat Analytics plugin - WordPress <5.3.4 - XSS
CVSS 7.2
CVE-2025-15019 MEDIUM
BIALTY - Bulk Image Alt Text <2.2.1 - XSS
CVSS 6.4
CVE-2025-14893 MEDIUM
IndieWeb plugin for WordPress <4.0.5 - XSS
CVSS 6.4
CVE-2025-14803 MEDIUM
NEX-Forms < 9.1.8 - Stored Cross-Site Scripting via Unsanitized Settings
CVSS 6.8
CVE-2025-14436 HIGH
Brevo for WooCommerce <4.0.49 - XSS
CVSS 7.2
CVE-2025-61550 MEDIUM
edu Business Solutions Print Shop Pro WebDesk <19.69 - XSS
CVSS 5.4
CVE-2025-61549 MEDIUM
Print Shop Pro WebDesk <19.76 - XSS
CVSS 6.1
CVE-2025-63611 HIGH
phpgurukul Hostel Management System v2.1 - XSS
CVSS 8.7
CVE-2025-68892 HIGH
[email protected] Scroll <5.0 - XSS
CVSS 7.1
CVE-2025-68891 HIGH
WP App Bar <= 1.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-68890 HIGH
hands01 e-shops <= 1.0.4 - DOM-Based Cross-Site Scripting
CVSS 7.1
CVE-2025-68889 HIGH
Pinpoll <= 4.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-68887 HIGH
CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirecto...
CVSS 7.1
CVE-2025-68875 MEDIUM
jcaruso001 Flaming Password Reset <=1.0.3 - XSS
CVSS 6.5
CVE-2025-68874 HIGH
Shahjada Visitor Stats Widget <1.5.0 - XSS
CVSS 7.1
CVE-2025-68873 HIGH
PRIMER by chloédigital <=1.0.25 - XSS
CVSS 7.1
CVE-2025-68867 MEDIUM
Effect Maker <= 1.2.1 - DOM-Based Cross-Site Scripting
CVSS 6.5