CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,988 vulnerabilities with CWE-79
CVE-2025-68977 MEDIUM
DesignThemes Portfolio Addon <1.6 - XSS
CVSS 6.5
CVE-2025-15355 MEDIUM
ISOinsight 2.9.0-2.9.0.250910 and 3.0.0-3.0.0.251126 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-15221 LOW
SohuTV CacheCloud < 3.2 - Cross-Site Scripting in AppDataMigrateController
CVSS 3.5
CVE-2025-15220 MEDIUM
Sohu CacheCloud < 3.2 - Cross-Site Scripting in LoginController init Function
CVSS 4.3
CVE-2025-15219 LOW
Sohu CacheCloud < 3.2 - Cross-Site Scripting in MachineManageController
CVSS 3.5
CVE-2025-15214 LOW
Campcodes Park Ticketing System 1.0 - Cross-Site Scripting in save_pricing Function
CVSS 2.4
CVE-2025-68499 MEDIUM
Crocoblock JetTabs <= 2.2.12 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-23554 HIGH
Jakub Glos Off Page SEO <3.0.3 - XSS
CVSS 7.1
CVE-2025-23550 HIGH
Kemal YAZICI Product Puller <1.5.1 - XSS
CVSS 7.1
CVE-2025-23469 HIGH
Sleekplan <= 0.2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23458 HIGH
Rakessh Ads24 Lite <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-68607 MEDIUM
Hiroaki Miyashita Custom Field Template <2.7.5 - XSS
CVSS 6.5
CVE-2025-68504 MEDIUM
Crocoblock JetSearch <= 3.5.16 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-15204 LOW
Sohu CacheCloud < 3.2 - Cross-Site Scripting in QuartzManageController
CVSS 2.4
CVE-2025-15203 LOW
Sohu CacheCloud < 3.2 - Cross-Site Scripting in ResourceController Index Function
CVSS 2.4
CVE-2025-15202 LOW
CacheCloud < 3.2 - Cross-Site Scripting in Task Queue List
CVSS 2.4
CVE-2025-15201 LOW
Sohu CacheCloud < 3.2 - Cross-Site Scripting in WebResourceController redirectNoPower Function
CVSS 3.5
CVE-2025-15200 LOW
Sohu CacheCloud < 3.2 - Cross-Site Scripting in AppClientDataShowController
CVSS 2.4
CVE-2025-55064 MEDIUM
Priority Web <= 24.1 - Cross-Site Scripting
CVSS 4.8
CVE-2025-55063 MEDIUM
Priority Web <= 23.0 - Cross-Site Scripting
CVSS 4.8
CVE-2025-55062 MEDIUM
Priority Web <= 23.0 - Cross-Site Scripting
CVSS 4.8
CVE-2025-68868 MEDIUM
Codeaffairs Wp Text Slider Widget - XSS
CVSS 6.5
CVE-2025-68951 MEDIUM
phpMyFAQ 4.0.14-4.0.15 - Stored Cross-Site Scripting via User Display Name
CVSS 5.4
CVE-2025-68879 HIGH
Councilsoft Content Grid Slider <1.5 - XSS
CVSS 7.1
CVE-2025-68878 HIGH
Prasadkirpekar Advanced Custom CSS <1.1.0 - XSS
CVSS 7.1
Details
Vulnerabilities 44,988
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits