CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,145 vulnerabilities with CWE-79
CVE-2025-27361 HIGH
Photo Express for Google <= 0.3.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-25173 HIGH
FastBook <= 1.1 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-24774 HIGH
WPCRM - CRM for Contact form CF7 & WooCommerce <= 3.2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23973 HIGH
SpecFit-Virtual Try On Woocommerce <7.0.6 - XSS
CVSS 7.1
CVE-2025-5398 MEDIUM
Ninja Forms < 3.10.2.1 - Authenticated Stored Cross-Site Scripting via Templating Engine
CVSS 6.4
CVE-2025-6689 MEDIUM
FL3R Accessibility Suite <= 1.4 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-6550 MEDIUM
The Pack Elementor addon plugin <2.1.4 - XSS
CVSS 6.4
CVE-2025-5940 MEDIUM
Osom Blocks < 1.2.1 - Authenticated Stored Cross-Site Scripting via Class Name Parameter
CVSS 6.4
CVE-2025-4587 MEDIUM
WordPress A/B Testing <1.18.2 - XSS
CVSS 6.4
CVE-2025-5194 MEDIUM
WP Map Block < 2.0.3 - Stored Cross-Site Scripting via Block Options
CVSS 4.8
CVE-2025-5093 MEDIUM
Responsive Lightbox & Gallery <2.5.2 - XSS
CVSS 5.4
CVE-2025-5035 MEDIUM
Firelight Lightbox WP <2.3.16 - XSS
CVSS 5.4
CVE-2025-6488 MEDIUM
isMobile plugin - WordPress <1.1.1 - XSS
CVSS 6.4
CVE-2025-53121 MEDIUM
OpenNMS Horizon < 33.1.6 and Meridian < 2024.2.6 - Stored Cross-Site Scripting via Unsanitized Node Parameters
CVE-2025-6700 MEDIUM
xxl-sso 1.1.0 - Cross-Site Scripting via Error Message Parameter
CVSS 4.3
CVE-2025-6699 LOW
LabRedesCefetRJ WeGIA 3.4.0 - Cross-Site Scripting via Nome/Sobrenome Parameter
CVSS 3.5
CVE-2025-44141 MEDIUM
Backdrop CMS 1.30 - Stored Cross-Site Scripting in Node Creation Form
CVSS 6.1
CVE-2025-6698 LOW
WeGIA 3.4.0 - Cross-Site Scripting via Insira o novo tipo Parameter
CVSS 3.5
CVE-2025-6697 LOW
WeGIA 3.4.0 - Cross-Site Scripting via Adicionar tipo Insira o novo tipo Parameter
CVSS 3.5
CVE-2025-6696 LOW
LabRedesCefetRJ WeGIA 3.4.0 - Cross-Site Scripting via Cadastro de Atendio Nome/Sobrenome Parameter
CVSS 3.5
CVE-2025-52902 HIGH
filebrowser < 2.33.7 - Stored Cross-Site Scripting in Markdown Preview
CVSS 7.6
CVE-2025-6695 LOW
LabRedesCefetRJ WeGIA 3.4.0 - Cross-Site Scripting via Additional Categoria Input
CVSS 3.5
CVE-2025-6694 LOW
LabRedesCefetRJ WeGIA 3.4.0 - Cross-Site Scripting via Adicionar Unidade Component
CVSS 3.5
CVE-2025-6677 MEDIUM
Paragraphs table 2.0.0-2.0.5 - Cross-Site Scripting
CVSS 5.4
CVE-2025-6676 MEDIUM
Drupal Simple XML sitemap < 4.2.2 - Cross-Site Scripting
CVSS 5.4
Details
Vulnerabilities 45,145
Exploit Likelihood High