CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,973 vulnerabilities with CWE-79
CVE-2025-63000 MEDIUM
WP for Church Sermon Manager <2.30.0 - XSS
CVSS 6.5
CVE-2025-62761 MEDIUM
BasePress Knowledge Base documentation & wiki plugin - BasePress <= 2.17.0.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-62760 MEDIUM
BuddyDev BuddyPress Activity Shortcode <1.1.8 - XSS
CVSS 6.5
CVE-2025-62759 MEDIUM
Series <= 2.0.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-62758 MEDIUM
Funnelforms Free <= 3.8 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-62146 MEDIUM
Maksym Marko MX Time Zone Clocks <5.1.1 - XSS
CVSS 6.5
CVE-2025-62137 MEDIUM
Shuttlethemes Shuttle <= 1.5.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-62136 MEDIUM
Melos <= 1.6.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-15374 LOW
EyouCMS < 1.7.8 - Cross-Site Scripting in Ask Module
CVSS 3.5
CVE-2025-15372 LOW
youlai/vue3-element-admin < 3.4.0 - Cross-Site Scripting in Notice Handler
CVSS 2.4
CVE-2025-15223 MEDIUM
Philipinho Simple-PHP-Blog < 2025-01-22 - Cross-Site Scripting via Username Parameter in login.php
CVSS 4.3
CVE-2025-69210 MEDIUM
FacturaScripts < 2025.7 - Authenticated Stored Cross-Site Scripting via XML File Upload
CVSS 5.4
CVE-2025-66823 MEDIUM
TrueConf Server 5.5.2.10813 - HTML Injection
CVSS 5.4
CVE-2025-66824 HIGH
TrueConf Server 5.5.2.10813 - Stored Cross-Site Scripting in Meeting Location Field
CVSS 8.7
CVE-2025-66103 MEDIUM
WPCal.io <= 0.9.5.9 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-66094 MEDIUM
Yada Wiki <= 3.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-64190 MEDIUM
XStore Core < 5.6 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-63027 MEDIUM
WBC907 Core <= 3.4.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-62746 MEDIUM
Featured Video for WordPress/VideographyWP <1.0.18 - XSS
CVSS 6.5
CVE-2025-15249 LOW
zhujunliang3 work_platform <6bc5a50bb527ce27f7906d11ea6ec139beb79c3...
CVSS 3.5
CVE-2025-15248 LOW
sunhailin12315 product-review <91ead6890b4065bb45b7602d0d73348e75cb...
CVSS 3.5
CVE-2025-69092 MEDIUM
Essential Addons for Elementor <= 6.5.3 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-69089 MEDIUM
Auto Listings <= 2.7.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-69088 MEDIUM
Vidish Combo Offers WooCommerce <= 4.2 - XSS
CVSS 6.5
CVE-2025-69033 MEDIUM
A WP Life Blog Filter <= 1.7.3 - DOM-Based Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 44,973
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits