CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,144 vulnerabilities with CWE-79
CVE-2025-27326 MEDIUM
bPlugins Video Gallery Block <1.1.0 - XSS
CVSS 6.5
CVE-2025-26591 MEDIUM
WP fancybox <= 1.0.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-24764 MEDIUM
(Simply) Guest Author Name <4.36 - XSS
CVSS 6.5
CVE-2025-24735 HIGH
Chatra Live Chat+Cart Saver <1.0.11 - XSS
CVSS 7.7
CVE-2025-6673 MEDIUM
WordPress Easy restaurant menu manager <2.0.1 - XSS
CVSS 6.4
CVE-2025-53599 CRITICAL
Whale < 3.9.1.4206 - Cross-Site Scripting via JavaScript Scheme
CVSS 9.8
CVE-2025-6944 MEDIUM
Uncode Core <= 2.9.4.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-7053 LOW
Cockpit < 2.11.4 - Cross-Site Scripting via User Save Endpoint
CVSS 3.5
CVE-2025-7046 MEDIUM
PowerFolio < 3.2.1 - Authenticated Stored Cross-Site Scripting via Custom JS Attributes
CVSS 6.4
CVE-2025-6787 MEDIUM
Smart Docs < 1.1.0 - Authenticated Stored Cross-Site Scripting via smartdocs_search Shortcode
CVSS 6.4
CVE-2025-6039 MEDIUM
ProcessingJS for WordPress <1.2.2 - XSS
CVSS 6.4
CVE-2025-5567 MEDIUM
Shortcodes Ultimate <= 7.4.0 - Authenticated Stored XSS via data-url
CVSS 6.4
CVE-2025-53370 HIGH
Citizen 1.9.4-3.3.9 - Stored Cross-Site Scripting via ShortDescription Extension
CVSS 8.6
CVE-2025-53369 HIGH
ShortDescription 4.0.0 - Stored Cross-Site Scripting via mw.util.addSubtitle
CVSS 8.6
CVE-2025-53368 HIGH
Citizen 1.9.4-3.4.0 - Stored Cross-Site Scripting via Old Search Bar
CVSS 8.6
CVE-2025-53500 MEDIUM
Mediawiki - MassEditRegex Ext <1.39.12-1.43.2 - XSS
CVSS 5.6
CVE-2025-53489 MEDIUM
Mediawiki - GoogleDocs4MW Ext <1.42.7-1.43.2 - XSS
CVSS 5.6
CVE-2025-53490 MEDIUM
Mediawiki - CampaignEvents Extension <1.43.2 - XSS
CVSS 5.6
CVE-2025-45938 MEDIUM
Akeles Out of Office Assistant for Jira 4.0.1 - Cross-Site Scripting via Jira fullName Parameter
CVSS 5.4
CVE-2025-49032 MEDIUM
PublishPress Gutenberg Blocks <3.3.1 - XSS
CVSS 6.5
CVE-2025-2537 MEDIUM
WpDevArt YouTube Embed <= Authenticated Stored XSS via ThickBox
CVSS 6.4
CVE-2025-40723 MEDIUM
Flatboard Pro < 3.2.2 - Stored Cross-Site Scripting via Footer Text and Announcement Parameters
CVE-2025-40722 MEDIUM
Flatboard Pro < 3.2.2 - Stored Cross-Site Scripting via Replace Parameter in Tags Configuration
CVE-2025-2540 MEDIUM
Awesome Wp Image Gallery <1.0 - Authenticated Stored Cross-Site Scripting via prettyPhoto Library
CVSS 6.4
CVE-2025-27448 MEDIUM
meac300-fnade4_firmware < 0.16.0 - Stored Cross-Site Scripting via Dashboard Name
CVSS 6.8
Details
Vulnerabilities 45,144
Exploit Likelihood High