CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,003 vulnerabilities with CWE-79
CVE-2025-34258 MEDIUM
Advantech WISE-DeviceOn Server < 5.4 - Authenticated Stored Cross-Site Scripting via DeviceMap Plan Name Parameter
CVSS 5.4
CVE-2025-34257 MEDIUM
Advantech WISE-DeviceOn Server < 5.4 - Authenticated Stored Cross-Site Scripting via Action Defined Endpoint
CVSS 5.4
CVE-2025-66512 MEDIUM
Nextcloud Server <31.0.12-32.0.3 - Info Disclosure
CVSS 5.4
CVE-2025-64054 CRITICAL
Fanvil x210 Firmware 2.12.20 - Reflected Cross-Site Scripting via Webconfig Upload Endpoint
CVSS 9.6
CVE-2025-13739 MEDIUM
CryptX <= 4.0.5 - Authenticated Stored Cross-Site Scripting via cryptx Shortcode
CVSS 6.4
CVE-2025-13682 MEDIUM
Trail Manager <= 1.0.0 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-13678 MEDIUM
Thai Lottery Widget <= 2.5 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-13614 HIGH
Cool Tag Cloud <= 2.29 - Authenticated Stored Cross-Site Scripting via 'cool_tag_cloud' Shortcode
CVSS 8.1
CVE-2025-13515 MEDIUM
Nouri.sh Newsletter <= 1.0.1.3 - Unauthenticated Reflected Cross-Site Scripting via PHP_SELF Parameter
CVSS 6.1
CVE-2025-12186 MEDIUM
Weekly Planner <= 1.0 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-13860 MEDIUM
Easy Jump Links Menus <= 1.0.0 - Authenticated Stored Cross-Site Scripting via h_tags Parameter
CVSS 6.4
CVE-2025-13625 MEDIUM
WP-SOS-Donate Donation Sidebar Plugin <= 0.9.2 - Unauthenticated Reflected Cross-Site Scripting via PHP_SELF Parameter
CVSS 6.1
CVE-2025-13623 MEDIUM
Twitscription WordPress <0.1.1 - XSS
CVSS 6.1
CVE-2025-13622 MEDIUM
Jabbernotification plugin - WordPress <0.99-RC2 - XSS
CVSS 6.1
CVE-2025-13512 MEDIUM
CoSign Single Signon <= 0.3.1 - Unauthenticated Reflected Cross-Site Scripting via PHP_SELF Parameter
CVSS 6.1
CVE-2025-12368 MEDIUM
WordPress Sermon Manager <2.30.0 - XSS
CVSS 6.4
CVE-2025-12191 MEDIUM
PDF Catalog for WooCommerce <1.1.18 - XSS
CVSS 5.4
CVE-2025-12163 MEDIUM
Omnipress <= 1.6.5 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2025-12124 MEDIUM
FitVids for WordPress <= 4.0.1 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-12417 MEDIUM
SurveyFunnel WordPress Plugin <=1.1.5 - Authenticated Stored XSS via surveyfunnel_lite_survey Shortcode
CVSS 6.4
CVE-2025-12804 MEDIUM
Booking Calendar <= 10.14.6 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-66563 MEDIUM
monkeytype < 25.49.0 - Stored Cross-Site Scripting via Quote Submission
CVSS 6.1
CVE-2025-66561 HIGH
sysreptor < 2025.102 - Authenticated Stored Cross-Site Scripting via Malicious JavaScript File Upload
CVSS 7.3
CVE-2025-6946 MEDIUM
WatchGuard Fireware 12.0-12.11.2 - Authenticated Stored Cross-Site Scripting in IPS Module
CVSS 4.8
CVE-2025-13939 MEDIUM
WatchGuard Fireware 11.7.2-11.12.4+541730, 12.0-12.11.4, 12.5-12.5.13, 2025.1-2025.1.2 - Stored Cross-Site Scripting
CVSS 6.1