CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,048 vulnerabilities with CWE-79
CVE-2025-11733 HIGH
Footnotes Made Easy <= 3.0.7 - Unauthenticated Stored Cross-Site Scripting via Plugin Settings
CVSS 7.2
CVE-2025-12324 MEDIUM
TablePress - WordPress <3.2.3 - XSS
CVSS 6.4
CVE-2025-11841 MEDIUM
Greenshift - WordPress <12.2.7 - XSS
CVSS 6.4
CVE-2025-43440 MEDIUM
Safari < 26.1 - Cross-Site Scripting
CVSS 6.5
CVE-2025-43338 HIGH
macOS Tahoe <26 - Memory Corruption
CVSS 7.1
CVE-2025-36172 MEDIUM
IBM Cloud Pak for Business Automation Stored XSS (24.0.0-24.0.1, 25.0.0)
CVSS 6.4
CVE-2025-63593 MEDIUM
Grav CMS 1.7.49.5 - Cross-Site Scripting
CVSS 6.1
CVE-2025-63441 HIGH
Open Source Social Network 8.6 - Cross-Site Scripting via Administrator Friends Endpoint
CVSS 7.3
CVE-2025-50363 MEDIUM
Phpgurukul Maid Hiring Management System 1.0 - XSS
CVSS 5.4
CVE-2025-10280 HIGH
SailPoint IdentityIQ < 8.3 - Cross-Site Scripting via Incorrect Content-Type Header
CVSS 7.1
CVE-2025-63450 MEDIUM
Car-Booking-System-PHP 1.0 - Cross-Site Scripting in Booking Page
CVSS 5.4
CVE-2025-63449 MEDIUM
Water Management System 1.0 - Cross-Site Scripting in /orders.php
CVSS 5.4
CVE-2025-63448 MEDIUM
Water Management System 1.0 - Stored Cross-Site Scripting in /edit_product.php
CVSS 6.1
CVE-2025-63447 MEDIUM
Water Management System 1.0 - Stored Cross-Site Scripting in add_customer.php
CVSS 6.1
CVE-2025-63446 MEDIUM
Water Management System 1.0 - Stored Cross-Site Scripting in /add_vendor.php
CVSS 6.1
CVE-2025-60503 HIGH
UltimatePOS 4.8 - Authenticated Stored Cross-Site Scripting via Purchase Reference No. Field
CVSS 8.7
CVE-2025-63443 MEDIUM
School Management System PHP v1.0 - XSS
CVSS 5.4
CVE-2025-63442 MEDIUM
Simple User Management System with PHP-MySQL v1.0 - XSS
CVSS 4.6
CVE-2025-6988 MEDIUM
KALLYAS WordPress Theme <= 4.23.0 - Authenticated Stored XSS via Shortcode
CVSS 6.4
CVE-2025-12090 MEDIUM
Employee Spotlight & Meet the Team Plugin <5.1.2 - XSS
CVSS 6.4
CVE-2025-11502 MEDIUM
Schema & Structured Data for WP & AMP <1.51 - XSS
CVSS 6.4
CVE-2025-12118 MEDIUM
Schema Scalpel <= 1.6.1 - Authenticated Stored Cross-Site Scripting via Post Title
CVSS 6.4
CVE-2025-11995 HIGH
WordPress Community Events <1.5.2 - XSS
CVSS 7.2
CVE-2025-11927 MEDIUM
The Flying Images: Optimize and Lazy Load Images for Faster Page Sp...
CVSS 4.4
CVE-2025-11928 MEDIUM
WordPress CSS & JavaScript Toolbox <12.0.5 - XSS
CVSS 4.4
Details
Vulnerabilities 45,048
Exploit Likelihood High