CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,969 vulnerabilities with CWE-79
CVE-2025-67933 HIGH
Taskbuilder <= 4.0.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-67932 HIGH
purethemes Listeo Core < 2.0.19 - XSS
CVSS 7.1
CVE-2025-67930 HIGH
Vernon Systems Limited eHive Search <2.5.0 - XSS
CVSS 7.1
CVE-2025-67927 HIGH
Link Whisper Free <= 0.8.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-67922 HIGH
ThemeGoods Grand Restaurant < 7.0.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-67918 HIGH
Woffice <= 5.4.30 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-67916 HIGH
Astoundify Jobify <= 4.3.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-27004 HIGH
LambertGroup Famous - Responsive Image And Video Grid Gallery WordP...
CVSS 7.1
CVE-2025-27002 HIGH
LambertGroup CountDown With Image or Video Background <=1.5 - XSS
CVSS 7.1
CVE-2025-22725 HIGH
loopus WP Virtual Assistant <= 3.0 - XSS
CVSS 7.1
CVE-2025-14984 MEDIUM
Gutenverse Form < 2.3.2 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2025-13504 HIGH
e-plugins Real Estate Pro <= 2.1.4 - XSS
CVSS 7.1
CVE-2025-12551 HIGH
ListingHub < 1.2.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-14275 MEDIUM
Jeg Elementor Kit < 3.0.1 - Authenticated Stored Cross-Site Scripting in Countdown Widget Redirect
CVSS 6.4
CVE-2025-12776 MEDIUM
Commvault 11.36.0-11.36.68 - Stored Cross-Site Scripting in Report Builder
CVSS 5.4
CVE-2025-66686 MEDIUM
Perch CMS 3.2 - Authenticated Stored Cross-Site Scripting via Help Button URL Setting
CVSS 6.1
CVE-2025-15479 MEDIUM
ngsurvey < 3.6.17 - Authenticated Stored Cross-Site Scripting in Survey Content
CVSS 5.4
CVE-2025-46494 HIGH
Themesgrove WidgetKit Pro <1.13.1 - XSS
CVSS 7.1
CVE-2025-69082 HIGH
Frenify Arlo <= 6.0.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32300 HIGH
Digital zoom studio DZS Video Gallery <12.25 - XSS
CVSS 7.1
CVE-2025-15000 MEDIUM
Page Keys <= 1.3.3 - Authenticated Stored Cross-Site Scripting via page_key Parameter
CVSS 4.4
CVE-2025-14891 MEDIUM
Customer Reviews for WooCommerce <5.93.1 - XSS
CVSS 6.4
CVE-2025-14888 MEDIUM
Simple User Meta Editor <1.0.0 - XSS
CVSS 4.4
CVE-2025-14887 MEDIUM
twinklesmtp WordPress <=1.03 Authenticated Stored XSS via Sender Settings
CVSS 4.4
CVE-2025-14875 MEDIUM
HBLPAY Payment Gateway - WooCommerce <5.0.0 - XSS
CVSS 6.1
Details
Vulnerabilities 44,969
Exploit Likelihood High