CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,988 vulnerabilities with CWE-79
CVE-2025-62094 MEDIUM
Void Elementor WHMCS Elements For Elementor Page Builder <2.0.1.2 -...
CVSS 6.5
CVE-2025-62926 MEDIUM
HappyDevs TempTool <= 1.3.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-62901 MEDIUM
WP Microdata <= 1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-14855 HIGH
SureForms <= 2.2.0 - Unauthenticated Stored XSS via Form Field Parameters
CVSS 7.2
CVE-2025-9343 HIGH
ELEX WordPress HelpDesk & Customer Ticketing System <3.3.4 - XSS
CVSS 7.2
CVE-2025-14991 LOW
Campcodes Complete Online Beauty Parlor Management System 1.0 - Cross-Site Scripting via fromdate Parameter
CVSS 2.4
CVE-2025-13693 MEDIUM
WordPress Image Photo Gallery Final Tiles Grid <3.6.8 - XSS
CVSS 6.4
CVE-2025-13220 MEDIUM
Ultimate Member < 2.11.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-12398 MEDIUM
Product Table for WooCommerce <5.0.8 - XSS
CVSS 6.1
CVE-2025-14054 MEDIUM
WC Builder - WooCommerce Page Builder for WPBakery <1.2.0 - XSS
CVSS 4.4
CVE-2025-13838 MEDIUM
WishSuite - Wishlist for WooCommerce <= 1.5.1 - Authenticated Stored Cross-Site Scripting via button_text Parameter
CVSS 6.4
CVE-2025-11496 MEDIUM
Five Star Restaurant Reservations - WordPress Booking Plugin <2.7.5...
CVSS 6.1
CVE-2025-14298 MEDIUM
FiboSearch - WooCommerce <1.32.0 - XSS
CVSS 5.4
CVE-2025-14721 MEDIUM
Responsive and Swipe slider plugin <1.0.2 - XSS
CVSS 5.5
CVE-2025-13624 MEDIUM
Overstock Affiliate Links <1.1 - XSS
CVSS 6.1
CVE-2025-12581 MEDIUM
Attachments Handler plugin - WordPress <1.1.8 - XSS
CVSS 6.1
CVE-2025-67712 MEDIUM
Esri ArcGIS Web AppBuilder dev <2.30 - XSS
CVSS 4.7
CVE-2025-14962 MEDIUM
Simple Stock System 1.0 - Cross-Site Scripting in /market/chatuser.php
CVSS 4.3
CVE-2025-68457 MEDIUM
Orejime < 2.3.2 - Cross-Site Scripting via Data Attribute Conversion
CVSS 6.1
CVE-2025-66580 CRITICAL
Dive < 0.11.1 - Stored Cross-Site Scripting and Remote Code Execution via Mermaid Diagram Rendering
CVSS 9.6
CVE-2025-14151 HIGH
SlimStat Analytics <= 5.3.2 - Unauthenticated Stored Cross-Site Scripting via outbound_resource Parameter
CVSS 7.2
CVE-2025-11747 MEDIUM
Colibri Page Builder <1.0.345 - XSS
CVSS 6.4
CVE-2025-66522 MEDIUM
Foxit PDF Editor Cloud < 2025-12-01 - Stored Cross-Site Scripting in Digital IDs Common Name Field
CVSS 6.3
CVE-2025-66521 MEDIUM
Foxit PDF Editor Cloud < 2025-12-01 - Stored Cross-Site Scripting in Trusted Certificates Feature
CVSS 6.3
CVE-2025-66520 MEDIUM
Foxit PDF Editor Cloud < 2025-12-01 - Stored Cross-Site Scripting via Portfolio SVG Upload
CVSS 6.3
Details
Vulnerabilities 44,988
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits