CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,133 vulnerabilities with CWE-79
CVE-2025-58684 MEDIUM
Themepoints Logo Showcase <3.0.9 - XSS
CVSS 6.5
CVE-2025-58683 MEDIUM
Last Updated Shortcode <1.0.1 - XSS
CVSS 6.5
CVE-2025-58682 MEDIUM
Kama Click Counter <= 4.0.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58671 HIGH
Morganrichards Auction Feed <1.1.3 - XSS
CVSS 7.1
CVE-2025-58669 MEDIUM
Modern Minds Magento 2 WordPress Integration - XSS
CVSS 5.9
CVE-2025-58665 MEDIUM
tmontg1 Form Generator <1.5.2 - XSS
CVSS 5.9
CVE-2025-58661 MEDIUM
eZee Online Hotel Booking Engine <1.0.0 - XSS
CVSS 5.9
CVE-2025-58658 MEDIUM
Proof Factor - Social Proof Notifications <= 1.0.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-58655 MEDIUM
Mattia Roccoberton Category Featured Images <1.1.8 - XSS
CVSS 5.9
CVE-2025-58654 MEDIUM
Michel - xiligroup dev xili-language <2.21.3 - XSS
CVSS 6.5
CVE-2025-58653 MEDIUM
JSM file_get_contents() <2.7.1 - XSS
CVSS 6.5
CVE-2025-58652 MEDIUM
Themepoints Carousel Ultimate - XSS
CVSS 6.5
CVE-2025-58651 MEDIUM
PlayerJS <= 2.24 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-58648 MEDIUM
Nicu Micle Simple JWT Login <3.6.4 - XSS
CVSS 6.5
CVE-2025-58647 MEDIUM
Will.I.am Simple Restaurant Menu - XSS
CVSS 5.9
CVE-2025-58646 MEDIUM
Mobi2Go <= 1.0.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-58645 MEDIUM
Gravitate Automated Tester <1.4.5 - XSS
CVSS 5.9
CVE-2025-58271 MEDIUM
AnyClip Luminous Studio <= 1.3.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-58266 MEDIUM
Gianism <= 6.0.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-58265 MEDIUM
Stonehenge Creations Events Manager - OpenStreetMaps <4.2.1 - XSS
CVSS 6.5
CVE-2025-58264 MEDIUM
artbees JupiterX Core <4.10.1 - XSS
CVSS 6.5
CVE-2025-58263 MEDIUM
BuddyDev BuddyPress Notification Widget <1.3.3 - XSS
CVSS 6.5
CVE-2025-58260 MEDIUM
Ronald Huereca Highlight and Share - Social Text and Image Sharing ...
CVSS 6.5
CVE-2025-58257 MEDIUM
Verowa Connect <= 3.2.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58256 MEDIUM
DOAJ Export <= 1.0.4 - Stored Cross-Site Scripting
CVSS 5.9
Details
Vulnerabilities 45,133
Exploit Likelihood High