CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,122 vulnerabilities with CWE-79
CVE-2025-8726 MEDIUM
WP Photo Album Plus <9.0.11.006 - XSS
CVSS 5.4
CVE-2025-61681 MEDIUM
KUNO CMS < 1.3.14 - Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2025-53354 MEDIUM
NiceGUI < 3.0.0 - Cross-Site Scripting via ui.html()
CVSS 6.1
CVE-2025-52653 HIGH
HCL MyXalytics - Cross-Site Scripting
CVSS 7.6
CVE-2025-60454 MEDIUM
MetInfo CMS 8.0 - Stored Cross-Site Scripting via SVG File Upload in Image Management Module
CVSS 6.1
CVE-2025-60453 MEDIUM
MetInfo CMS 8.0 - Stored Cross-Site Scripting via SVG File Upload in Column Management Module
CVSS 6.1
CVE-2025-60452 MEDIUM
MetInfo CMS 8.0 - Stored Cross-Site Scripting via SVG File Upload in Download Module
CVSS 6.1
CVE-2025-60451 MEDIUM
MetInfo CMS 8.0 - Stored Cross-Site Scripting via SVG File Upload in Website Settings Module
CVSS 6.1
CVE-2025-60450 MEDIUM
MetInfo CMS 8.0 - Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2025-60448 MEDIUM
Emlog Pro 2.5.19 - Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2025-60447 MEDIUM
Emlog Pro 2.5.19 - Stored Cross-Site Scripting in Email Template Configuration
CVSS 5.9
CVE-2025-60445 MEDIUM
XunRuiCMS 4.7.1 - Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2025-9876 MEDIUM
Ird Slider <= 1.0.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-9875 MEDIUM
WordPress Event Tickets <1.0.2 - XSS
CVSS 6.4
CVE-2025-9859 MEDIUM
WordPress Fintelligence Calculator <1.0.3 - XSS
CVSS 6.4
CVE-2025-9858 MEDIUM
WordPress Auto Bulb Finder <2.8.0 - XSS
CVSS 6.4
CVE-2025-9854 MEDIUM
A Simple Multilanguage Plugin <1.0 - XSS
CVSS 6.4
CVE-2025-9372 MEDIUM
WordPress Multi Design Video Carousel <1.4 - XSS
CVSS 5.5
CVE-2025-9333 MEDIUM
Smart Docs <= 1.1.1 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 5.5
CVE-2025-9332 MEDIUM
WordPress Interactive Human Anatomy <2.6 - XSS
CVSS 5.5
CVE-2025-9206 MEDIUM
Meks Easy Maps <= 2.1.4 - Authenticated Stored Cross-Site Scripting via Post Title Field
CVSS 6.4
CVE-2025-9204 MEDIUM
X Addons for Elementor <1.0.14 - XSS
CVSS 6.4
CVE-2025-9130 MEDIUM
Unify < 3.4.7 - Authenticated Stored Cross-Site Scripting via unify_checkout Shortcode
CVSS 6.4
CVE-2025-9129 MEDIUM
Flexi - Guest Submit <= 4.28 - Authenticated Stored Cross-Site Scripting via flexi-form-tag Shortcode
CVSS 6.4
CVE-2025-9080 MEDIUM
Generic Elements < 1.2.8 - Authenticated Stored Cross-Site Scripting via Widget Fields
CVSS 6.4