CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,969 vulnerabilities with CWE-79
CVE-2025-13847 MEDIUM
PhotoFade <= 0.2.1 - Authenticated Stored Cross-Site Scripting via Time Parameter
CVSS 6.4
CVE-2025-13841 MEDIUM
Smart App Banners <= 1.2 - Authenticated Stored Cross-Site Scripting via Shortcode Parameters
CVSS 6.4
CVE-2025-13667 MEDIUM
WP Recipe Manager <= 1.0.0 - Authenticated Stored Cross-Site Scripting via Skill Level Input Field
CVSS 6.4
CVE-2025-13531 MEDIUM
Stylish Order Form Builder <1.0 - XSS
CVSS 6.4
CVE-2025-13497 MEDIUM
Recras <= 6.4.1 - Authenticated Stored Cross-Site Scripting via 'recrasname' Shortcode Attribute
CVSS 6.4
CVE-2025-13418 MEDIUM
Responsive Pricing Table <5.1.12 - XSS
CVSS 6.4
CVE-2025-13369 MEDIUM
Premmerce WooCommerce Customers Manager <1.1.14 - XSS
CVSS 6.1
CVE-2025-31642 HIGH
WPCHURCH < 2.7.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30631 HIGH
AA-Team Woocommerce Sales Funnel Builder <1.1, AA-Team Amazon Affil...
CVSS 7.1
CVE-2025-13744 MEDIUM
GitHub Enterprise Server 3.14.0-3.14.19 - Authenticated Cross-Site Scripting in Filter Component
CVSS 5.4
CVE-2025-69362 MEDIUM
POSIMYTH UiChemy <= 4.4.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-69360 MEDIUM
CodexThemes TheGem Theme Elements - XSS
CVSS 6.5
CVE-2025-69357 MEDIUM
CodexThemes TheGem Theme Elements - XSS
CVSS 6.5
CVE-2025-69350 MEDIUM
Themepoints Accordion <= 3.0.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-69335 MEDIUM
Themepoints Team Showcase <2.9 - XSS
CVSS 6.5
CVE-2025-69334 MEDIUM
Wish-list-for-WooCommerce <3.3.0 - XSS
CVSS 6.5
CVE-2025-69085 HIGH
e-plugins JobBank <= 1.2.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-69084 HIGH
GT3 themes Photo Gallery <2.7.7.26 - XSS
CVSS 7.1
CVE-2025-63083 MEDIUM
Joomla! 3.9.0-5.4.1 - Cross-Site Scripting in Pagebreak Plugin
CVSS 6.1
CVE-2025-63082 MEDIUM
Joomla! 4.0.0 through 5.4.2 - Cross-Site Scripting via Data URLs in HTML Filter
CVSS 6.1
CVE-2025-14552 MEDIUM
MediaPress <= 1.6.1 - Authenticated Stored Cross-Site Scripting via mpp-uploader Shortcode
CVSS 6.4
CVE-2025-12067 MEDIUM
Table Field Add-on for ACF and SCF - XSS
CVSS 6.4
CVE-2025-4776 MEDIUM
Phlox <= 2.17.7 - Authenticated Stored Cross-Site Scripting via data-caption Attribute
CVSS 6.4
CVE-2025-14120 MEDIUM
URL Image Importer plugin <1.0.8 - XSS
CVSS 6.4
CVE-2025-13746 MEDIUM
ForumWP - Forum & Discussion Board <= 2.1.6 - Authenticated Stored Cross-Site Scripting via User Display Name
CVSS 6.4