CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,139 vulnerabilities with CWE-79
CVE-2025-49893 HIGH
liseperu Elizaibots <1.0.2 - XSS
CVSS 7.1
CVE-2025-49428 HIGH
Dourou Cookie Warning < 1.3 - Stored Cross-Site Scripting
CVSS 7.5
CVE-2025-49424 HIGH
Essential Doo Components for Visual Composer <1.9 - XSS
CVSS 7.1
CVE-2025-49420 HIGH
Markup Markdown <3.20.6 - XSS
CVSS 7.1
CVE-2025-49413 HIGH
Wishloop Terms of Service &amp; Privacy Policy Generator - XSS
CVSS 7.1
CVE-2025-49412 MEDIUM
numixtech Page Transition <1.3 - XSS
CVSS 5.9
CVE-2025-49411 HIGH
Vikas Sharma iFrame Block <0.1.1 - XSS
CVSS 7.1
CVE-2025-49410 CRITICAL
Imran Emu TC Testimonials <1.1.1. - XSS
CVSS 10.0
CVE-2025-49409 CRITICAL
brewlabs SensorPress < 1.0 - Stored Cross-Site Scripting
CVSS 9.8
CVE-2025-49400 CRITICAL
osama.esh WP Visitor Statistics <8.2 - XSS
CVSS 9.8
CVE-2025-49397 MEDIUM
Noor Alam Colorbox Lightbox <1.1.5 - XSS
CVSS 6.5
CVE-2025-49395 MEDIUM
Themify Icons <= 2.0.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-49392 MEDIUM
Themify Audio Dock <= 2.0.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-49389 MEDIUM
WEN Solutions Notice Bar <3.1.3 - XSS
CVSS 6.5
CVE-2025-48297 HIGH
quantumcloud Simple Link Directory - XSS
CVSS 7.1
CVE-2025-48296 HIGH
UpStore <= 1.7.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-48170 HIGH
LambertGroup Universal Video Player <3.2.1 - XSS
CVSS 7.1
CVE-2025-48168 HIGH
Apollo - Sticky Full Width HTML5 Audio Player <= 3.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-48163 HIGH
SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support <= 3.5.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-48162 HIGH
quantumcloud Simple Business Directory Pro <15.5.1 - XSS
CVSS 7.1
CVE-2025-48159 HIGH
LambertGroup YouTube Vimeo Video Player & Slider WP Plugin <3.8 - XSS
CVSS 7.1
CVE-2025-48154 HIGH
LambertGroup Multimedia Playlist Slider Addon - XSS
CVSS 7.1
CVE-2025-48152 HIGH
Rentsyst <= 2.0.100 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-48151 HIGH
CM Map Locations <= 2.1.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-28977 HIGH
ThimPress WP Pipes <= 1.4.3 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities 45,139
Exploit Likelihood High