CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,141 vulnerabilities with CWE-79
CVE-2025-49898 HIGH
Dropshix <= 4.0.14 - DOM-Based Cross-Site Scripting
CVSS 7.6
CVE-2025-55203 MEDIUM
Plane < 0.28.0 - Stored Cross-Site Scripting in Description HTML Field
CVSS 5.4
CVE-2025-8720 MEDIUM
WordPress Plugin README Parser <1.3.15 - XSS
CVSS 6.4
CVE-2025-8080 MEDIUM
Alobaidi Captcha <= 1.0.3 - Authenticated Stored Cross-Site Scripting via Plugin Settings
CVSS 4.4
CVE-2025-5844 MEDIUM
Radius Blocks WordPress Gutenberg Blocks <= 2.2.1 - Authenticated Stored XSS via subHeadingTagName
CVSS 6.4
CVE-2025-8604 MEDIUM
WP Table Builder - WordPress Table Plugin <= 2.0.12 - Authenticated Stored Cross-Site Scripting via wptb Shortcode
CVSS 6.4
CVE-2025-9017 MEDIUM
PHPGurukul Zoo Management System 2.1 - Cross-Site Scripting via visitorname Parameter
CVSS 4.3
CVE-2025-8451 MEDIUM
Essential Addons for Elementor - WordPress <= 6.2.2 - XSS
CVSS 6.4
CVE-2025-9003 LOW
Dlink Dir-818lw Firmware - Code Injection
CVSS 3.5
CVE-2025-8867 MEDIUM
Graphina - Elementor Charts and Graphs <3.1.3 - XSS
CVSS 6.4
CVE-2025-51965 MEDIUM
OURPHP <= 8.6.1 - Cross-Site Scripting via Complete Profile Name Field
CVSS 6.1
CVE-2025-8976 LOW
Vvveb < 1.0.6 - Cross-Site Scripting via /vadmin123/index.php Endpoint
CVSS 3.5
CVE-2025-8975 LOW
Vvveb < 1.0.6 - Cross-Site Scripting via slug Parameter in admin/template/content/edit.tpl
CVSS 3.5
CVE-2025-55714 MEDIUM
Crocoblock JetElements For Elementor <2.7.9 - XSS
CVSS 6.5
CVE-2025-55713 MEDIUM
Blocksy <= 2.1.6 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-55711 MEDIUM
WP Table Builder <= 2.0.12 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-55709 MEDIUM
Visual Composer Website Builder - XSS
CVSS 6.5
CVE-2025-54749 MEDIUM
Crocoblock JetProductGallery <2.2.0.2 - XSS
CVSS 6.5
CVE-2025-54747 MEDIUM
Templatera <= 2.3.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-54746 MEDIUM
cartpauj Shortcode Redirect <1.0.02 - XSS
CVSS 6.5
CVE-2025-54740 MEDIUM
Michael Nelson Print My Blog <3.27.9 - XSS
CVSS 6.5
CVE-2025-54729 MEDIUM
Webba Booking <= 6.0.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-54727 MEDIUM
CM On Demand Search And Replace <1.5.2 - XSS
CVSS 5.9
CVE-2025-54708 MEDIUM
B Blocks < 2.0.5 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-54054 MEDIUM
12 Step Meeting List <= 3.18.3 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,141
Exploit Likelihood High