CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,000 vulnerabilities with CWE-79
CVE-2025-63050 MEDIUM
REHub Framework < 19.9.9.7 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-63048 MEDIUM
CridioStudio ListingPro <1.0.3 - XSS
CVSS 6.5
CVE-2025-63046 MEDIUM
CridioStudio ListingPro <2.9.9 - XSS
CVSS 6.5
CVE-2025-63045 MEDIUM
averta Master Slider Pro <=3.7.12 - XSS
CVSS 6.5
CVE-2025-63044 MEDIUM
Xpro Elementor Addons <=1.4.19.1 - XSS
CVSS 6.5
CVE-2025-63042 MEDIUM
Themeum Tutor LMS Elementor Addons <3.0.1 - XSS
CVSS 6.5
CVE-2025-63037 MEDIUM
DFDevelopment Ronneby Theme Core - XSS
CVSS 6.5
CVE-2025-63035 MEDIUM
VibeThemes WPLMS <= 1.9.9.5.4 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-63033 MEDIUM
Make Section &amp; Column Clickable For Elementor - XSS
CVSS 5.9
CVE-2025-63011 MEDIUM
ThimPress WP Hotel Booking <2.2.8 - XSS
CVSS 5.9
CVE-2025-62082 MEDIUM
Generic Elements <= 1.2.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-61074 MEDIUM
adata Mitarbeiter Portal < 2.16.1 - Authenticated Stored Cross-Site Scripting via Bulletin Board Inhalt Parameter
CVSS 4.6
CVE-2025-41752 HIGH
Phoenix Contact FL NAT/SWITCH Firmware < 3.50 - Unauthenticated Stored Cross-Site Scripting via pxc_portSfp.php
CVSS 7.1
CVE-2025-41751 HIGH
Phoenix Contact FL NAT/SWITCH Firmware < 3.50 - Unauthenticated Cross-Site Scripting via pxc_portCntr.php
CVSS 7.1
CVE-2025-41750 HIGH
Phoenix Contact FL SWITCH Firmware < 3.50 - Unauthenticated Stored Cross-Site Scripting via pxc_PortCfg.php
CVSS 7.1
CVE-2025-41749 HIGH
Phoenix Contact FL SWITCH Firmware < 3.50 - Unauthenticated Cross-Site Scripting via port_util.php
CVSS 7.1
CVE-2025-41748 HIGH
Phoenix Contact FL NAT/SWITCH Firmware < 3.50 - Unauthenticated Cross-Site Scripting via pxc_Dot1xCfg.php
CVSS 7.1
CVE-2025-41747 HIGH
Phoenix Contact FL NAT/SWITCH Firmware < 3.50 - Unauthenticated Cross-Site Scripting via pxc_vlanIntfCfg.php
CVSS 7.1
CVE-2025-41746 HIGH
Phoenix Contact FL SWITCH Firmware < 3.50 - Unauthenticated Cross-Site Scripting via pxc_portSecCfg.php
CVSS 7.1
CVE-2025-41745 HIGH
Phoenix Contact FL NAT/SWITCH Firmware < 3.50 - Unauthenticated Stored Cross-Site Scripting via pxc_portCntr2.php
CVSS 7.1
CVE-2025-41695 HIGH
Phoenix Contact FL NAT/SWITCH Firmware < 3.50 - Cross-Site Scripting via dyn_conn.php
CVSS 7.1
CVE-2025-14284 MEDIUM
@tiptap/extension-link <2.10.4 - XSS
CVSS 6.1
CVE-2025-13604 HIGH
CleanTalk plugin <2.168 - XSS
CVSS 7.2
CVE-2025-13071 HIGH
Custom Admin Menu < 1.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-12705 HIGH
Social Reviews & Recommendations <2.5 - XSS
CVSS 7.2
Details
Vulnerabilities 45,000
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits