CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,028 vulnerabilities with CWE-79
CVE-2025-62011 MEDIUM
TheGem <= 5.10.5 - Cross-Site Scripting
CVSS 6.5
CVE-2025-59556 HIGH
GoStore < 1.6.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-58964 HIGH
skygroup Enzy < 1.6.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-58638 HIGH
e-plugins Institutions Directory <=1.3.3 - XSS
CVSS 7.1
CVE-2025-54737 HIGH
NooTheme Jobmonster <= 4.7.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-54722 HIGH
WooTour <= 3.6.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-54721 HIGH
ThimPress Resca <= 3.0.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-54718 HIGH
NooTheme Yogi - Health Beauty & Yoga <= 2.9.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-53585 HIGH
NooTheme WeMusic <= 1.9.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-53574 HIGH
ptibogxiv Doliconnect <=9.3.2 - XSS
CVSS 7.1
CVE-2025-53573 HIGH
Epic Review <= 1.0.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-53349 HIGH
Laborator Kalium <= 3.18.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-53324 HIGH
Gutenify <= 1.5.7 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-53286 HIGH
Jhainey Milevis Dropify <4.6.9 - XSS
CVSS 7.1
CVE-2025-53245 HIGH
Afzal Multani WP Logo Changer <1.3 - XSS
CVSS 7.1
CVE-2025-53239 HIGH
bnovotny User Registration Aide <= 1.5.3.8 - XSS
CVSS 7.1
CVE-2025-52764 HIGH
flexoslider <= 1.0004 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49909 HIGH
Penci Bookmark & Follow < 2.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49905 HIGH
Range Slider Addon for Gravity Forms <1.1.7 - XSS
CVSS 7.1
CVE-2025-49904 HIGH
Booking and Rental Manager <2.5.3 - XSS
CVSS 7.1
CVE-2025-49390 HIGH
Cookie Notice & Consent <= 1.6.4 - XSS
CVSS 7.1
CVE-2025-31029 HIGH
bingu replyMail <= 1.2.0 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-36054 MEDIUM
IBM Business Automation Workflow & Process Federation Server Unauthenticated Stored XSS
CVSS 6.1
CVE-2025-11956 HIGH
Proliz Software Ltd. Co. OBS <25.0401 - XSS
CVSS 8.9
CVE-2025-10955 MEDIUM
Netcad Software Inc. Netigma <6.3.5 V8 - XSS
CVSS 6.1