CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,003 vulnerabilities with CWE-79
CVE-2025-13898
MEDIUM
Ultra Skype Button <= 1.0 - Authenticated Stored Cross-Site Scripting via btn_id Parameter
CVSS 6.4
CVE-2025-13896
MEDIUM
Social Feed Gallery Portfolio <1.3 - XSS
CVSS 6.4
CVE-2025-13894
MEDIUM
CSV Sumotto <= 1.0 - Unauthenticated Reflected Cross-Site Scripting via PHP_SELF Variable
CVSS 6.1
CVE-2025-13863
MEDIUM
RevInsite <= 1.1.0 - Authenticated Stored Cross-Site Scripting via Token Parameter
CVSS 6.4
CVE-2025-13857
MEDIUM
Yet Another WebClap for WordPress <0.3 - XSS
CVSS 6.4
CVE-2025-13856
MEDIUM
Extra Post Images <= 1.0 - Authenticated Stored Cross-Site Scripting via 'id' Parameter
CVSS 6.4
CVE-2025-13656
MEDIUM
WordPress Cute News Ticker <1.0 - XSS
CVSS 6.4
CVE-2025-13626
MEDIUM
myLCO plugin - WordPress <0.8.1 - XSS
CVSS 6.1
CVE-2025-13308
MEDIUM
WordPress Application Passwords <0.1.3 - XSS
CVSS 5.4
CVE-2025-13137
MEDIUM
Live Sales Notification for Woocommerce - Woomotiv <= 3.6.3 - Reflected XSS via woomotiv_limit
CVSS 6.1
CVE-2025-12717
MEDIUM
List Attachments Shortcode <0.4.1a - XSS
CVSS 6.4
CVE-2025-12715
MEDIUM
Canadian Nutrition Facts Label <3.0 - XSS
CVSS 6.4
CVE-2025-12510
HIGH
Widgets for Google Reviews <13.2.4 - XSS
CVSS 7.2
CVE-2025-11263
MEDIUM
Link Whisper Free <= 0.8.8 - Unauthenticated Reflected Cross-Site Scripting via Type Parameter
CVSS 6.1
CVE-2025-66562
CRITICAL
TUUI <1.3.4 - Remote Code Execution
CVSS 9.6
CVE-2025-66554
LOW
Nextcloud <5.5.4, <6.0.6, <7.2.5 - Info Disclosure
CVSS 3.5
CVE-2025-66514
LOW
Nextcloud Mail < 5.5.3 - Authenticated Stored HTML Injection in Message List
CVSS 3.5
CVE-2025-34266
MEDIUM
Advantech WISE-DeviceOn Server < 5.4 - Authenticated Stored Cross-Site Scripting via PluginConfig AddIns Menus
CVSS 5.4
CVE-2025-34265
MEDIUM
Advantech WISE-DeviceOn Server < 5.4 - Authenticated Stored Cross-Site Scripting via Rule Engine Fields
CVSS 5.4
CVE-2025-34264
MEDIUM
Advantech WISE-DeviceOn Server < 5.4 - Authenticated Stored Cross-Site Scripting via Software Watchdog Process Name
CVSS 5.4
CVE-2025-34263
MEDIUM
Advantech WISE-DeviceOn Server < 5.4 - Authenticated Stored Cross-Site Scripting via Dashboard Menu Configuration
CVSS 5.4
CVE-2025-34262
MEDIUM
Advantech WISE-DeviceOn Server < 5.4 - Authenticated Stored Cross-Site Scripting via Device Name Parameter
CVSS 5.4
CVE-2025-34261
MEDIUM
Advantech WISE-DeviceOn Server < 5.4 - Authenticated Stored Cross-Site Scripting via Device Groups Endpoint
CVSS 5.4
CVE-2025-34260
MEDIUM
Advantech WISE-DeviceOn Server < 5.4 - Authenticated Stored Cross-Site Scripting via Action Schedule Endpoint
CVSS 5.4
CVE-2025-34259
MEDIUM
Advantech WISE-DeviceOn Server < 5.4 - Authenticated Stored Cross-Site Scripting via DeviceMap Building Name Parameter
CVSS 5.4
Details
Vulnerabilities: 45,003
Exploit Likelihood: High