CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,973 vulnerabilities with CWE-79
CVE-2025-12067 MEDIUM
Table Field Add-on for ACF and SCF - XSS
CVSS 6.4
CVE-2025-4776 MEDIUM
Phlox <= 2.17.7 - Authenticated Stored Cross-Site Scripting via data-caption Attribute
CVSS 6.4
CVE-2025-14120 MEDIUM
URL Image Importer plugin <1.0.8 - XSS
CVSS 6.4
CVE-2025-13746 MEDIUM
ForumWP - Forum & Discussion Board <= 2.1.6 - Authenticated Stored Cross-Site Scripting via User Display Name
CVSS 6.4
CVE-2025-66648 HIGH
vega-functions < 6.1.1 - Cross-Site Scripting via Internal Function
CVSS 7.2
CVE-2025-65110 HIGH
Vega < 5.6.3 - DOM Cross-Site Scripting via Malicious Vega Specification
CVSS 8.1
CVE-2025-59158 HIGH
Coolify <= 4.0.0-beta.420.6 - Authenticated Stored Cross-Site Scripting via Project Name
CVSS 8.0
CVE-2025-55204 HIGH
muffon < 2.3.0 - Remote Code Execution via Crafted muffon:// URL Handler
CVSS 8.8
CVE-2025-67316 MEDIUM
realme Internet Browser 45.13.4.1 - Remote Code Execution via Crafted Webpage
CVSS 5.4
CVE-2025-59467 HIGH
UCRM Argentina AFIP invoices Plugin < 1.3.0 - Stored Cross-Site Scripting
CVSS 7.5
CVE-2025-39497 MEDIUM
Dokan Pro <= 3.14.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-66376 HIGH KEV
Zimbra Collaboration <10.0.18, <10.1.13 - XSS
CVSS 7.2
CVE-2025-12513 MEDIUM
Centreon Web 24.04.0-24.04.18 - Stored Cross-Site Scripting in Hosts Configuration Form
CVSS 6.8
CVE-2025-12511 MEDIUM
Centreon Infra Monitoring 24.04.0-24.04.7, 24.10.0-24.10.3, 25.10.0 - Stored Cross-Site Scripting
CVSS 6.8
CVE-2025-13056 MEDIUM
Centreon Web 24.04.0-24.04.18 - Stored Cross-Site Scripting in Administration ACL Menu Configuration
CVSS 6.8
CVE-2025-15022 MEDIUM
Vaadin Framework 7.0.0-7.7.49 and 8.0.0-8.29.1 - Cross-Site Scripting in Action Caption
CVE-2025-15454 LOW
zhanglun lettura < 0.1.22 - Cross-Site Scripting in RSS Handler
CVSS 3.1
CVE-2025-15452 LOW
wang.market wangmarket < 4.9 - Stored Cross-Site Scripting via Backend Variable Search Description Parameter
CVSS 2.4
CVE-2025-15451 LOW
wangmarket < 4.9 - Cross-Site Scripting via System Variables Page Description Parameter
CVSS 2.4
CVE-2025-5591 MEDIUM
Kentico Xperience 13.0.0-13.0.166 - Stored Cross-Site Scripting via Form Component
CVSS 5.4
CVE-2025-14830 MEDIUM
JFrog Artifactory Workers >=7.94.0-<7.117.10 - XSS
CVSS 4.9
CVE-2025-62857 MEDIUM
QuMagie 2.0.0-2.8.0 - Cross-Site Scripting
CVSS 6.1
CVE-2025-15437 LOW
LigeroSmart < 6.1.24 - Cross-Site Scripting via REQUEST_URI Manipulation
CVSS 3.5
CVE-2025-15416 LOW
wangmarket < 6.4 - Stored Cross-Site Scripting via Remark/Variable Value in Add Global Variable Handler
CVSS 2.4
CVE-2025-67711 MEDIUM
Esri ArcGIS Server < 11.5 - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1