CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,973 vulnerabilities with CWE-79
CVE-2025-69020 MEDIUM
Tribulant Software Newsletters <4.12 - XSS
CVSS 6.5
CVE-2025-69019 MEDIUM
FlippingBook <= 2.0.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-69018 MEDIUM
Shamalli Web Directory Free <= 1.7.12 - XSS
CVSS 6.5
CVE-2025-69017 MEDIUM
Magnigenie RestroPress <3.2.4.2 - XSS
CVSS 6.5
CVE-2025-69008 MEDIUM
Inboxify Sign Up Form <= 1.0.4 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-69007 MEDIUM
OTWthemes Popping Sidebars and Widgets Light <=1.27 - XSS
CVSS 5.9
CVE-2025-69006 MEDIUM
AM Events <= 1.13.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-68992 MEDIUM
BWL Knowledge Base Manager <= 1.6.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-68991 MEDIUM
xenioushk BWL Pro Voting Manager <1.4.9 - XSS
CVSS 6.5
CVE-2025-68978 MEDIUM
DesignThemes Core <= 1.6 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-68977 MEDIUM
DesignThemes Portfolio Addon <1.6 - XSS
CVSS 6.5
CVE-2025-15355 MEDIUM
ISOinsight 2.9.0-2.9.0.250910 and 3.0.0-3.0.0.251126 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-15221 LOW
SohuTV CacheCloud < 3.2 - Cross-Site Scripting in AppDataMigrateController
CVSS 3.5
CVE-2025-15220 MEDIUM
Sohu CacheCloud < 3.2 - Cross-Site Scripting in LoginController init Function
CVSS 4.3
CVE-2025-15219 LOW
Sohu CacheCloud < 3.2 - Cross-Site Scripting in MachineManageController
CVSS 3.5
CVE-2025-15214 LOW
Campcodes Park Ticketing System 1.0 - Cross-Site Scripting in save_pricing Function
CVSS 2.4
CVE-2025-68499 MEDIUM
Crocoblock JetTabs <= 2.2.12 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-23554 HIGH
Jakub Glos Off Page SEO <3.0.3 - XSS
CVSS 7.1
CVE-2025-23550 HIGH
Kemal YAZICI Product Puller <1.5.1 - XSS
CVSS 7.1
CVE-2025-23469 HIGH
Sleekplan <= 0.2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23458 HIGH
Rakessh Ads24 Lite <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-68607 MEDIUM
Hiroaki Miyashita Custom Field Template <2.7.5 - XSS
CVSS 6.5
CVE-2025-68504 MEDIUM
Crocoblock JetSearch <= 3.5.16 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-15204 LOW
Sohu CacheCloud < 3.2 - Cross-Site Scripting in QuartzManageController
CVSS 2.4
CVE-2025-15203 LOW
Sohu CacheCloud < 3.2 - Cross-Site Scripting in ResourceController Index Function
CVSS 2.4
Details
Vulnerabilities 44,973
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits