CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,145 vulnerabilities with CWE-79
CVE-2025-6674 MEDIUM
gabderrahim/ckeditor5_youtube < 1.0.3 - Cross-Site Scripting
CVSS 6.1
CVE-2025-5682 MEDIUM
Drupal Klaro Cookie & Consent Management < 3.0.7 - Cross-Site Scripting
CVSS 4.3
CVE-2025-48923 MEDIUM
Drupal Toc.Js < 3.2.1 - Cross-Site Scripting
CVSS 6.1
CVE-2025-48922 MEDIUM
Drupal GLightbox < 1.0.16 - Cross-Site Scripting
CVSS 6.1
CVE-2025-5966 HIGH
ManageEngine Exchange Reporter Plus <= 5722 - Stored Cross-Site Scripting in Attachments by Filename Report
CVSS 8.1
CVE-2025-5366 HIGH
ManageEngine Exchange Reporter Plus <= 5722 - Stored Cross-Site Scripting in Folder-wise Read Mails Report
CVSS 8.1
CVE-2025-6212 HIGH
Ultra Addons for Contact Form 7 <3.5.19 - XSS
CVSS 7.2
CVE-2025-5842 MEDIUM
WordPress Modern Design Library <1.1.4 - XSS
CVSS 6.4
CVE-2025-5338 MEDIUM
Royal Elementor Addons < 1.7.1028 - Authenticated Stored Cross-Site Scripting via Widget Attributes
CVSS 6.4
CVE-2025-6546 MEDIUM
WordPress Drive Folder Embedder <1.1.0 - XSS
CVSS 6.4
CVE-2025-6540 MEDIUM
web-cam <= 3.0 - Authenticated Stored Cross-Site Scripting via Slug Parameter
CVSS 6.4
CVE-2025-6537 MEDIUM
Namasha By Mdesign <= 1.2.00 - Authenticated Stored Cross-Site Scripting via playicon_title Parameter
CVSS 6.4
CVE-2025-5929 MEDIUM
The Countdown plugin for WordPress <= 2.0.1 - Authenticated Stored Cross-Site Scripting via clientId Parameter
CVSS 6.4
CVE-2025-5275 MEDIUM
Charitable < 1.8.6.2 - Authenticated Stored Cross-Site Scripting via Privacy Settings Fields
CVSS 4.4
CVE-2025-6538 MEDIUM
Post Rating and Review <1.3.4 - XSS
CVSS 6.4
CVE-2025-6383 MEDIUM
WP-PhotoNav <= 1.2.2 - Authenticated Stored Cross-Site Scripting via photonav Shortcode
CVSS 6.4
CVE-2025-6378 MEDIUM
Responsive Food and Drink Menu < 2.3 - Authenticated Stored Cross-Site Scripting via display_pdf_menus Shortcode
CVSS 6.4
CVE-2025-6290 MEDIUM
Tournament Bracket Generator <1.0.0 - XSS
CVSS 6.4
CVE-2025-6258 MEDIUM
WP SoundSystem <= 3.4.2 - Authenticated Stored Cross-Site Scripting via wpsstm-track Shortcode
CVSS 6.4
CVE-2025-5588 MEDIUM
Image Editor by Pixo <= 2.3.6 - Authenticated Stored Cross-Site Scripting via Download Parameter
CVSS 6.4
CVE-2025-5564 MEDIUM
GC Social Wall <= 1.15 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-5559 MEDIUM
TimeZoneCalculator <= 3.37 - Authenticated Stored Cross-Site Scripting via Shortcode Attribute
CVSS 6.4
CVE-2025-5540 MEDIUM
WordPress Event RSVP & Simple Event Mgmt Plugin <4.1.0 - XSS
CVSS 6.4
CVE-2025-5535 MEDIUM
e.nigma buttons plugin <1.1.3 - XSS
CVSS 6.4
CVE-2025-5488 MEDIUM
WP Masonry & Infinite Scroll <2.2 - XSS
CVSS 6.4
Details
Vulnerabilities 45,145
Exploit Likelihood High