CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,062 vulnerabilities with CWE-79
CVE-2025-11872 MEDIUM
Material Design Iconic Font Integration <2 - XSS
CVSS 6.4
CVE-2025-11870 MEDIUM
Simple Business Data <= 1.0.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-11867 MEDIUM
Bg Book Publisher <= 1.25 - Authenticated Stored Cross-Site Scripting via book_author Post Meta
CVSS 6.4
CVE-2025-11866 MEDIUM
Photographers galleries <1.1.8 - XSS
CVSS 6.4
CVE-2025-11834 MEDIUM
WP AD Gallery <= 1.3 - Authenticated Stored Cross-Site Scripting via 'startindex' Parameter
CVSS 6.4
CVE-2025-11830 MEDIUM
WP Restaurant Listings <1.0.2 - XSS
CVSS 6.4
CVE-2025-11827 MEDIUM
Oboxmedia Ads <= 1.9.8 - Authenticated Stored Cross-Site Scripting via Widget Parameters
CVSS 6.4
CVE-2025-11825 MEDIUM
Playerzbr <= 1.6 - Authenticated Stored Cross-Site Scripting via urlmeta Post Meta Field
CVSS 6.4
CVE-2025-11824 MEDIUM
Cinza Grid plugin for WordPress < 1.2.2 - XSS
CVSS 6.4
CVE-2025-11819 MEDIUM
WP-Thumbnail <= 1.1 - Authenticated Stored Cross-Site Scripting via roboshot Shortcode
CVSS 6.4
CVE-2025-11818 MEDIUM
WP Responsive Meet The Team <1.0.1 - XSS
CVSS 6.4
CVE-2025-11817 MEDIUM
Simple Tableau Viz <= 2.0 - Authenticated Stored Cross-Site Scripting via 'tableau' Shortcode
CVSS 6.4
CVE-2025-11813 MEDIUM
Responsive iframe GoogleMap <1.0.2 - XSS
CVSS 6.4
CVE-2025-11811 MEDIUM
Simple Youtube Shortcode <1.1.3 - XSS
CVSS 6.4
CVE-2025-11810 MEDIUM
Print Button Shortcode plugin for WordPress <1.0.2 - XSS
CVSS 6.4
CVE-2025-11809 MEDIUM
WP-Force Images Download <1.8 - XSS
CVSS 6.4
CVE-2025-11807 MEDIUM
Mixlr Shortcode plugin <1.0.1 - XSS
CVSS 6.4
CVE-2025-11804 MEDIUM
JB News Ticker <= 1.0 - Authenticated Stored Cross-Site Scripting via 'id' Shortcode Attribute
CVSS 6.4
CVE-2025-10138 MEDIUM
This-or-That < 1.0.4 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-12033 MEDIUM
Simple Banner < 3.0.10 - Authenticated Stored Cross-Site Scripting via pro_version_activation_code Parameter
CVSS 4.4
CVE-2025-10651 MEDIUM
Welcart e-Commerce <= 2.11.22 - Authenticated Stored Cross-Site Scripting via Order Mail Setting
CVSS 5.5
CVE-2025-62249 MEDIUM
Liferay Portal 7.4.0-7.4.3.132 and Liferay DXP 2023.Q4.0-2023.Q4.10 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-61457 MEDIUM
code16 sharp < 9.7.0 - Cross-Site Scripting in SharpFormUploadField
CVSS 6.1
CVE-2025-61255 MEDIUM
Bank Locker Management System - XSS
CVSS 6.1
CVE-2025-60507 HIGH
Moodle GeniAI Plugin 2.3.6 - Authenticated Stored Cross-Site Scripting via PDF Upload
CVSS 8.9
Details
Vulnerabilities: 45,062
Exploit Likelihood: High