CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,028 vulnerabilities with CWE-79
CVE-2025-11828 MEDIUM
Magazine Companion <= 1.2.3 - Authenticated Stored Cross-Site Scripting via headerHtmlTag Attribute
CVSS 6.4
CVE-2025-11822 MEDIUM
WP Bootstrap Tabs <= 1.0.4 - Authenticated Stored Cross-Site Scripting via 'bootstrap_tab' Shortcode
CVSS 6.4
CVE-2025-11821 MEDIUM
WooCommerce - Products By Custom Tax <2.2 - XSS
CVSS 6.4
CVE-2025-11805 MEDIUM
WordPress Skip to Timestamp <1.4.4 - XSS
CVSS 6.4
CVE-2025-11129 MEDIUM
Include Fussball.de Widgets <4.0.0 - XSS
CVSS 6.4
CVE-2025-42886 MEDIUM
SAP Business Connector - Reflected Cross-Site Scripting via Malicious Link
CVSS 6.1
CVE-2025-11892 CRITICAL
GitHub Enterprise Server DOM-based XSS via Issues Search Label Filter
CVSS 9.6
CVE-2025-64501 HIGH
prosemirror_to_html < 0.2.1 - Cross-Site Scripting via HTML Attribute Values
CVSS 7.6
CVE-2025-64167 HIGH
Combodo iTop < 2.7.13 - Cross-Site Scripting via URL Parameter
CVSS 7.1
CVE-2025-62780 LOW
changedetection.io < 0.50.34 - Stored Cross-Site Scripting via Watch Update API
CVSS 3.5
CVE-2025-48065 HIGH
Combodo iTop < 2.7.13 - Cross-Site Scripting via Error Field Content
CVSS 8.8
CVE-2025-48055 HIGH
Combodo iTop < 3.2.2 - Cross-Site Scripting in User Portal Browse Brick
CVSS 8.5
CVE-2025-47932 HIGH
Combodo iTop < 2.7.13 - Cross-Site Scripting via Dashboard AJAX Rendering
CVSS 8.8
CVE-2025-47773 HIGH
Combodo iTop < 2.7.13 - Stored Cross-Site Scripting via Dashboard Edit AJAX Call
CVSS 8.8
CVE-2025-63834 MEDIUM
Tenda AC18 <15.03.05.05_multi - XSS
CVSS 5.4
CVE-2025-63709 MEDIUM
SourceCodester Simple To-Do List System 1.0 - XSS
CVSS 5.4
CVE-2025-41001 MEDIUM
SOPlanning 1.53.02 - Stored Cross-Site Scripting via LOGOUT_REDIRECT Parameter
CVSS 5.4
CVE-2025-41107 MEDIUM
Smart School 7.0 - Stored Cross-Site Scripting via Online Admission POST Parameters
CVSS 5.4
CVE-2025-12920 LOW
FoxCMS < 1.2.16 - Cross-Site Scripting via Product Title Parameter
CVSS 2.4
CVE-2025-12837 MEDIUM
aThemes Addons for Elementor <1.1.5 - XSS
CVSS 6.4
CVE-2025-12643 MEDIUM
Saphali LiqPay for donate <= 1.0.2 - Authenticated Stored Cross-Site Scripting via 'saphali_liqpay' Shortcode
CVSS 6.4
CVE-2025-12193 MEDIUM
Mang Board WP <= 2.3.1 - Unauthenticated Reflected Cross-Site Scripting via 'mp' Parameter
CVSS 6.1
CVE-2025-12125 MEDIUM
HTML Forms - Simple WordPress Forms Plugin <1.5.5 - XSS
CVSS 4.4
CVE-2025-12112 MEDIUM
Insert Headers and Footers Code - HT Script <= 1.1.6 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2025-12064 MEDIUM
WP2Social Auto Publish <2.4.7 - XSS
CVSS 6.1