CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,062 vulnerabilities with CWE-79
CVE-2025-49938 (MEDIUM, CVSS 6.5): CrocoBlock JetEngine <= 3.7.3 - Stored Cross-Site Scripting
CVE-2025-49936 (MEDIUM, CVSS 6.5): WoodMart < 8.3.2 - DOM-Based Cross-Site Scripting
CVE-2025-49934 (MEDIUM, CVSS 6.5): CrocoBlock JetBlocks For Elementor <= 1.3.18 - XSS
CVE-2025-49933 (MEDIUM, CVSS 6.5): CrocoBlock JetBlog <= 2.4.4 - Reflected Cross-Site Scripting
CVE-2025-49932 (MEDIUM, CVSS 6.5): CrocoBlock JetBlog <= 2.4.4.1 - XSS
CVE-2025-49930 (HIGH, CVSS 7.1): CrocoBlock JetSearch <= 3.5.10 - Reflected Cross-Site Scripting
CVE-2025-49929 (MEDIUM, CVSS 6.5): Ultimate Blocks <= 3.3.6 - Stored Cross-Site Scripting
CVE-2025-49928 (MEDIUM, CVSS 6.5): CrocoBlock JetWooBuilder <= 2.1.20 - XSS
CVE-2025-49927 (MEDIUM, CVSS 6.5): CrocoBlock JetWooBuilder <= 2.1.20.1 - XSS
CVE-2025-49923 (MEDIUM, CVSS 5.9): Seriously Simple Podcasting <= 3.11.1 - DOM-Based Cross-Site Scripting
CVE-2025-49912 (MEDIUM, CVSS 5.9): Nks Email Subscription Popup <= 1.2.26 - XSS
CVE-2025-49911 (HIGH, CVSS 7.1): WooCommerce Vehicle Parts Finder <= 3.7 - XSS
CVE-2025-49908 (MEDIUM, CVSS 6.5): WPClever WPC Countdown Timer for WooCommerce <= 3.1.4 - XSS
CVE-2025-48098 (HIGH, CVSS 7.1): Ays Pro Survey Maker <= 5.1.8.8 - XSS
CVE-2025-48097 (HIGH, CVSS 7.1): WSAnalytics <= 1.1.2 - Reflected Cross-Site Scripting
CVE-2025-48095 (MEDIUM, CVSS 5.9): Ays Pro Survey Maker < 5.1.8.8 - XSS
CVE-2025-48093 (HIGH, CVSS 7.1): Calvaweb Password only login <= 0.2 - Reflected Cross-Site Scripting
CVE-2025-48092 (HIGH, CVSS 7.1): Fix Multiple Redirects <= 1.2.3 - XSS
CVE-2025-39534 (HIGH, CVSS 7.1): Somonator Terms Dictionary <= 1.5.1 - XSS
CVE-2025-11966 (MEDIUM, CVSS 6.4): Eclipse Vert.x 4.0.0-4.5.21 and 5.0.0-5.0.4 - Stored Cross-Site Scripting via Directory Listing Filename Injection
CVE-2025-8848 (MEDIUM, CVSS 5.4): librechat 0.7.9 - HTML Injection via Accept-Language Header
CVE-2025-11952 (MEDIUM, CVSS 6.1): Oct8ne Chatbot 2.3 - Stored Cross-Site Scripting via Transcript Email
CVE-2025-11883 (MEDIUM, CVSS 6.4): Responsive Progress Bar <= 1.0 - Authenticated Stored Cross-Site Scripting via rprogress Shortcode
CVE-2025-11880 (MEDIUM, CVSS 6.4): SM CountDown Widget <= 1.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVE-2025-11878 (MEDIUM, CVSS 6.4): ST Categories Widget <= 1.0.0 - Authenticated Stored Cross-Site Scripting via st-categories Shortcode