CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,109 vulnerabilities with CWE-79
CVE-2025-11270 MEDIUM
Gutenberg Essential Blocks <= 5.7.1 - Authenticated Stored XSS via 'titleTag'
CVSS 6.4
CVE-2025-10006 MEDIUM
WPBakery Page Builder <= 8.6 - Authenticated Stored Cross-Site Scripting via rev_slider_vc Shortcode
CVSS 6.4
CVE-2025-11937 MEDIUM
MediaWiki - SecurePoll Extension - XSS
CVE-2025-11857 MEDIUM
XX2WP Integration Tools <1.9.9 - XSS
CVSS 6.4
CVE-2025-62671 MEDIUM
MediaWiki Cargo Extension < 3.8.3 - Stored Cross-Site Scripting
CVE-2025-62670 MEDIUM
MediaWiki - FlexDiagrams Extension - XSS
CVE-2025-62667 MEDIUM
MediaWiki - GrowthExperiments Extension <1.39 - XSS
CVE-2025-62664 MEDIUM
MediaWiki - ImageRating Extension <1.39 - XSS
CVE-2025-62663 MEDIUM
MediaWiki - UploadWizard Extension <1.39 - XSS
CVE-2025-62662 MEDIUM
MediaWiki - AdvancedSearch Extension <1.39 - XSS
CVE-2025-62665 MEDIUM
MediaWiki - Skin:BlueSky <1.39 - XSS
CVE-2025-62654 LOW
MediaWiki QuizGame extension 1.39, 1.43, 1.44 - Stored Cross-Site Scripting
CVE-2025-62653 LOW
MediaWiki PollNY extension 1.39, 1.43, 1.44 - Stored Cross-Site Scripting
CVE-2025-62652 MEDIUM
MediaWiki WebAuthn extension 1.39, 1.43, 1.44 - Stored Cross-Site Scripting
CVE-2025-62508 MEDIUM
Citizen Skin 3.3.0-3.9.0 - Stored Cross-Site Scripting in Sticky Header Button Message Handling
CVSS 6.5
CVE-2025-56320 MEDIUM
Enterprise Contract Management Portal <22.4.0 - XSS
CVSS 5.4
CVE-2025-34281 MEDIUM
ThingsBoard < 4.2.1 - Authenticated Stored Cross-Site Scripting via SVG Image Upload
CVSS 5.4
CVE-2025-62430 MEDIUM
ClipBucket 5.3-5.5.2-145 - Stored Cross-Site Scripting in Video and Photo Metadata Fields
CVSS 5.4
CVE-2025-62421 MEDIUM
DataEase < 2.10.14 - Unauthenticated Stored Cross-Site Scripting via StaticResourceApi Upload Endpoint
CVSS 5.4
CVE-2025-58747 MEDIUM
Dify < 1.9.2 - Stored Cross-Site Scripting via MCP OAuth Authorization URL
CVSS 6.1
CVE-2025-48087 MEDIUM
Jason C. Memberlite Shortcodes <1.4.1 - XSS
CVSS 6.5
CVE-2025-62418 MEDIUM
Bagisto < 2.3.8 - Stored Cross-Site Scripting via SVG File Upload
CVSS 6.9
CVE-2025-62414 MEDIUM
Bagisto < 2.3.8 - Stored Cross-Site Scripting in Admin Create Customer Form
CVSS 6.9
CVE-2025-34253 MEDIUM
D-Link Nuclias Connect <= 1.3.1.4 - Authenticated Stored Cross-Site Scripting in Network Field
CVSS 5.4
CVE-2025-62413 MEDIUM
MQTTX 1.12.0 - Stored Cross-Site Scripting in MQTT Message Payload Renderer
CVSS 6.1