CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,973 vulnerabilities with CWE-79
CVE-2025-67710 MEDIUM
Esri ArcGIS Server < 11.5 - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-67709 MEDIUM
Esri ArcGIS Server < 11.5 - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-67708 MEDIUM
Esri ArcGIS Server < 11.5 - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-67705 MEDIUM
Esri ArcGIS Server < 11.5 - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-67704 MEDIUM
Esri ArcGIS Server < 11.5 - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-67703 MEDIUM
Esri ArcGIS Server < 11.5 - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-53235 HIGH
Easy Social <= 1.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-52739 HIGH
Sala < 1.1.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-50053 HIGH
Blappsta Mobile App Plugin & Your native, mobile iPhone App and And...
CVSS 7.1
CVE-2025-47566 HIGH
ZoomSounds < 6.91 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23757 HIGH
Proloy Chakroborty ZD Scribd iPaper - XSS
CVSS 7.1
CVE-2025-23719 HIGH
ZhinaTwitterWidget <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23707 HIGH
En Masse <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23705 HIGH
Zielke Design Project Gallery <2.5.0 - XSS
CVSS 7.1
CVE-2025-23667 HIGH
custom-post-edit <= 1.0.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-62989 MEDIUM
Gora Tech Cooked <= 1.11.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-59135 MEDIUM
eLEOPARD Behance Portfolio Manager <1.7.5 - XSS
CVSS 5.9
CVE-2025-49355 MEDIUM
ikaes Accessibility Press <1.0.2 - XSS
CVSS 5.9
CVE-2025-49337 MEDIUM
Dashboard Beacon <= 1.2.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-23608 HIGH
Omar Mohamed Mohamoud LIVE TV - XSS
CVSS 7.1
CVE-2025-63021 MEDIUM
Valenti Engine <= 1.0.3 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-63020 MEDIUM
Wayne Allen Postie <= 1.9.73 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-62750 MEDIUM
WooCommerce Parcelas <= 1.3.5 - DOM-Based Cross-Site Scripting
CVSS 5.9
CVE-2025-62149 MEDIUM
SaifuMak Add Custom Codes <4.80 - XSS
CVSS 5.9
CVE-2025-62142 MEDIUM
Post Video Players <= 1.163 - Stored Cross-Site Scripting
CVSS 5.9
Details
Vulnerabilities 44,973
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits