CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,145 vulnerabilities with CWE-79
CVE-2025-40733 MEDIUM
Daily Expense Manager 1.0 - Reflected Cross-Site Scripting via Login Username Parameter
CVSS 6.1
CVE-2025-5730 MEDIUM
Contact Form Plugin < 1.1.29 - Stored Cross-Site Scripting in Settings
CVSS 4.3
CVE-2025-3745 MEDIUM
WP Lightbox 2 < 3.0.6.8 - Cross-Site Scripting via Link Title Attribute
CVSS 6.3
CVE-2025-6849 LOW
Simple Forum 1.0 - Cross-Site Scripting via forum_edit1.php Text Parameter
CVSS 3.5
CVE-2025-6462 MEDIUM
EZ SQL Reports <= 5.25.11 - Authenticated Stored XSS via SQLREPORT Shortcode
CVSS 6.4
CVE-2025-6252 MEDIUM
Qi Addons For Elementor <1.9.1 - XSS
CVSS 6.4
CVE-2025-6350 MEDIUM
Rextheme WP VR < 8.5.33 - XSS
CVSS 6.4
CVE-2025-6778 LOW
Food Distributor Site 1.0 - Cross-Site Scripting via site_phone/site_email/address Parameters
CVSS 2.4
CVE-2025-53093 HIGH
StarCitizenTools TabberNeue 3.0.0-3.1.0 - Stored Cross-Site Scripting via Tabber Tag Attribute Injection
CVSS 8.6
CVE-2025-50367 MEDIUM
Phpgurukul Medical Card Generation System 1.0 - XSS
CVSS 6.1
CVE-2025-53336 MEDIUM
abditsori My Resume Builder <1.0.3 - XSS
CVSS 6.5
CVE-2025-53325 MEDIUM
Dilip kumar Beauty Contact Popup Form <6.0. - XSS
CVSS 5.9
CVE-2025-53321 MEDIUM
Raise The Money <= 5.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-53320 MEDIUM
Wp Enhanced Free Downloads EDD <1.0.4 - XSS
CVSS 6.5
CVE-2025-53301 MEDIUM
Theme Junkie Team Content <= 0.1.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-53300 MEDIUM
douglaskarr Podcast Feed Player Widget/Shortcode <2.2.0 - XSS
CVSS 6.5
CVE-2025-53296 MEDIUM
EC Stars Rating <= 1.0.11 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-53294 MEDIUM
Smart Agenda <= 4.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-53292 MEDIUM
WP DataTable <= 0.2.7 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-53290 MEDIUM
MS WP Visual Sitemap <= 1.0.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-53287 MEDIUM
Robert Cummings Quick Favicon <0.22.8 - XSS
CVSS 5.9
CVE-2025-53285 MEDIUM
The Website Flip Add & Replace Affiliate Links for Amazon <1.0.6 - XSS
CVSS 5.9
CVE-2025-53282 MEDIUM
aviplugins.com Thumbnail Editor <2.3.3 - XSS
CVSS 6.5
CVE-2025-53280 MEDIUM
AntoineH Football Pool <2.12.5 - XSS
CVSS 6.5
CVE-2025-53279 MEDIUM
Popup addon for Ninja Forms <= 3.4 - DOM-Based Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,145
Exploit Likelihood High