CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,137 vulnerabilities with CWE-79
CVE-2025-54724 HIGH
Golo <= 1.7.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-53579 HIGH
Captcha.eu < 1.0.61 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-53289 HIGH
Theme Blvd Widget Areas <1.3.0 - XSS
CVSS 7.1
CVE-2025-53225 HIGH
e-Boekhouden.nl <= 1.9.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-53224 HIGH
Koen Schuit NextGEN Gallery Search <2.12 - XSS
CVSS 7.1
CVE-2025-53223 HIGH
Theme Switcher Reloaded <= 1.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-53220 HIGH
XmasB Quotes <= 1.6.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-53215 HIGH
Yahoo! WebPlayer <= 2.0.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49407 HIGH
Houzez < 4.1.1 - Reflected Cross-Site Scripting
CVSS 8.8
CVE-2025-48365 MEDIUM
iprogrammer Custom Comment <2.1.6 - XSS
CVSS 5.9
CVE-2025-48360 MEDIUM
Varnish/Nginx Proxy Caching <1.8.4 - XSS
CVSS 5.9
CVE-2025-48358 MEDIUM
Risk Free Cash On Delivery (COD) - WooCommerce <= 1.0.4 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-48356 MEDIUM
Kanpress <= 1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48354 MEDIUM
WP Smart Widgets Better Post & Filter Widgets for Elementor...
CVSS 6.5
CVE-2025-48352 MEDIUM
Yandex Site search pinger <= 1.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-48349 MEDIUM
origincode Video Gallery - Vimeo and YouTube Gallery <1.1.7 - XSS
CVSS 6.5
CVE-2025-48347 MEDIUM
bxSlider integration for WordPress <= 1.7.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48324 MEDIUM
khashabawy tli.tl auto Twitter poster <3.4 - XSS
CVSS 5.9
CVE-2025-48323 MEDIUM
Md Abunaser Khan Advance Food Menu <1.0 - XSS
CVSS 5.9
CVE-2025-48322 MEDIUM
Statify Widget <= 1.4.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48319 MEDIUM
Mesa Mesa Reservation Widget <1.0.0 - XSS
CVSS 5.9
CVE-2025-48316 MEDIUM
Responsive Mobile-Friendly Tooltip <1.6.6 - XSS
CVSS 6.5
CVE-2025-48315 MEDIUM
stanton119 WordPress HTML <= 0.51 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48314 MEDIUM
salubrio Add Code To Head <1.17 - XSS
CVSS 5.9
CVE-2025-48313 MEDIUM
Tripadvisor Shortcode <= 2.2 - Stored Cross-Site Scripting
CVSS 5.9