CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,137 vulnerabilities with CWE-79
CVE-2025-9922 MEDIUM
Campcodes Sales and Inventory System 1.0 - Cross-Site Scripting via Page Parameter
CVSS 4.3
CVE-2025-9921 LOW
code-projects POS Pharmacy System 1.0 - Cross-Site Scripting via product_code/gen_name/product_name/supplier Parameters
CVSS 2.4
CVE-2025-56761 MEDIUM
memos 0.22 - Authenticated Stored Cross-Site Scripting via Uploaded Attachment or Avatar
CVSS 5.4
CVE-2025-55944 MEDIUM
Slink v1.4.9 - Stored Cross-Site Scripting via SVG Upload
CVSS 6.1
CVE-2025-9823 MEDIUM
Mautic 4.4.0-4.4.16, 5.0.0-alpha-5.2.7, 6.0.0-alpha-6.0.4 - Reflected Cross-Site Scripting via Tags Input Field
CVE-2025-58640 MEDIUM
MatrixAddons Document Engine <1.2 - XSS
CVSS 6.5
CVE-2025-58633 MEDIUM
Deetronix Booking Ultra Pro <1.1.21 - XSS
CVSS 6.5
CVE-2025-58632 MEDIUM
Dadevarzan WordPress Common <2.2.2 - XSS
CVSS 6.5
CVE-2025-58631 MEDIUM
IssueM <= 2.9.0 - DOM-Based Cross-Site Scripting
CVSS 5.9
CVE-2025-58630 MEDIUM
rbaer Simple Matomo Tracking Code <1.1.0 - XSS
CVSS 5.9
CVE-2025-58626 MEDIUM
RumbleTalk Live Group Chat <6.3.5 - XSS
CVSS 6.5
CVE-2025-58625 MEDIUM
Spiffy Plugins WP Flow Plus <5.2.5 - XSS
CVSS 5.9
CVE-2025-58624 MEDIUM
Falselight Exchange Rates <1.2.5 - XSS
CVSS 6.5
CVE-2025-58623 MEDIUM
Bohemia Plugins Event Feed <1.3.2 - XSS
CVSS 6.5
CVE-2025-58621 MEDIUM
Amuse Labs PuzzleMe for WordPress <1.2.0 - XSS
CVSS 6.5
CVE-2025-58620 MEDIUM
add-ons.org PDF for WPForms <6.2.1 - XSS
CVSS 6.5
CVE-2025-58618 MEDIUM
Pie Calendar <= 1.2.8 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-58614 MEDIUM
Tooltipy <= 5.5.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58612 MEDIUM
PropertyHive <= 2.1.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58610 MEDIUM
WP Chill Gallery PhotoBlocks <1.3.1 - XSS
CVSS 6.5
CVE-2025-58609 MEDIUM
Iulia Cazan Latest Post Shortcode <14.0.3 - XSS
CVSS 6.5
CVE-2025-58607 MEDIUM
Cookie Notice & Consent Banner - XSS
CVSS 6.5
CVE-2025-58605 MEDIUM
WP Delicious <= 1.8.7 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58602 MEDIUM
If-So Dynamic Content Personalization <= 1.9.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58596 MEDIUM
MailOptin <= 1.2.75.0 - Stored Cross-Site Scripting
CVSS 5.9