CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,028 vulnerabilities with CWE-79
CVE-2025-64176 MEDIUM
ThinkDashboard < 0.6.8 - Unrestricted File Upload via Backup Import Feature
CVSS 5.3
CVE-2025-64174 MEDIUM
OpenMage Magento < 20.16.0 - Stored Cross-Site Scripting in Admin Notification Grid Actions Renderer
CVSS 4.8
CVE-2025-12486 HIGH
Heimdall Data Database Proxy >=23.11.06.1 <23.11.06.1 - Remote Code Execution via Database Event Log Handling
CVSS 8.8
CVE-2025-34237 MEDIUM
Advantech WebAccess/VPN < 1.1.5 - Stored Cross-Site Scripting via StandaloneVpnClientsController
CVSS 5.4
CVE-2025-34236 MEDIUM
Advantech WebAccess/VPN < 1.1.5 - Stored Cross-Site Scripting via NetworksController.addNetworkAction()
CVSS 5.4
CVE-2025-63589 HIGH
CMSimple_XH 1.8 - Reflected Cross-Site Scripting via URL Path Segments
CVSS 7.1
CVE-2025-63588 HIGH
CMSimpleXH - Unauthenticated Reflected Cross-Site Scripting via Query Handling
CVSS 7.1
CVE-2025-64232 HIGH
icopydoc Import from YML <= 3.1.17 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-64224 HIGH
ThemeGoods Grand Conference Theme Custom Post Type < 2.6.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-64198 HIGH
appscreo Easy Social Share Buttons <10.7.1 - XSS
CVSS 7.1
CVE-2025-64196 HIGH
Booster for WooCommerce <= 7.2.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-63307 HIGH
alexusmai laravel-file-manager 3.3.1 - XSS
CVSS 8.1
CVE-2025-62076 HIGH
Simple Payment <= 2.4.6 - Cross-Site Scripting
CVSS 7.1
CVE-2025-62074 HIGH
WPMobile.App <= 11.71 - Cross-Site Scripting
CVSS 7.1
CVE-2025-62059 HIGH
Brainstorm Force SureRank <=1.3.2 - XSS
CVSS 7.1
CVE-2025-62057 HIGH
Houzez Theme - Functionality < 4.2.0 - Cross-Site Scripting
CVSS 7.1
CVE-2025-62051 MEDIUM
AndonDesign UDesign Core <= 4.14.1 - XSS
CVSS 6.5
CVE-2025-62044 MEDIUM
CodexThemes TheGem Theme Elements - XSS
CVSS 6.5
CVE-2025-62041 HIGH
TheGem (Elementor) <= 5.10.5.1 - Cross-Site Scripting
CVSS 7.1
CVE-2025-62040 HIGH
YOP Poll <= 6.5.37 - Cross-Site Scripting
CVSS 7.1
CVE-2025-62036 HIGH
Togo < 1.0.4 - Cross-Site Scripting
CVSS 7.1
CVE-2025-62032 MEDIUM
tagDiv Cloud Library < 3.9.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-62031 HIGH
tagDiv Composer <= 5.4.1 - Cross-Site Scripting
CVSS 7.1
CVE-2025-62030 MEDIUM
tagDiv Composer <= 5.4.1 - Cross-Site Scripting
CVSS 6.5
CVE-2025-62012 MEDIUM
TheGem (Elementor) <= 5.10.5 - Cross-Site Scripting
CVSS 6.5