CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,147 vulnerabilities with CWE-79
CVE-2025-48920 HIGH
etracker < 3.1.0 - Cross-Site Scripting
CVSS 7.3
CVE-2025-48919 MEDIUM
Drupal Simple Klaro < 1.10.0 - Cross-Site Scripting
CVSS 5.0
CVE-2025-48918 HIGH
Drupal Simple Klaro < 1.10.0 - Cross-Site Scripting
CVSS 8.8
CVE-2025-48917 MEDIUM
Drupal EU Cookie Compliance <1.26.0 - XSS
CVSS 5.0
CVE-2025-48915 HIGH
Drupal COOKiES Consent Mgmt <1.2.15 - XSS
CVSS 8.6
CVE-2025-48914 HIGH
Drupal COOKiES Consent Mgmt <1.2.15 - XSS
CVSS 8.6
CVE-2025-28380 MEDIUM
OpenC3 COSMOS < 6.0.2 - Cross-Site Scripting via URL Parameter
CVSS 6.1
CVE-2025-46096 MEDIUM
solon 3.1.2 - Path Traversal and Cross-Site Scripting via solon-faas-luffy Component
CVSS 6.1
CVE-2025-6012 MEDIUM
WordPress Auto Attachments <1.8.5 - XSS
CVSS 5.5
CVE-2025-5923 MEDIUM
Game Review Block <= 4.8.1 - Authenticated Stored Cross-Site Scripting via className Parameter
CVSS 6.4
CVE-2025-5950 MEDIUM
IndieBlocks <= 0.13.2 - Authenticated Stored Cross-Site Scripting via 'kind' Parameter
CVSS 6.4
CVE-2025-5939 MEDIUM
Telegram for WP <= 1.6.1 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-5841 MEDIUM
ACF Onyx Poll <= 1.1.9 - Authenticated Stored Cross-Site Scripting via Class Parameter
CVSS 6.4
CVE-2025-5233 MEDIUM
Color Palette <= 4.3.2 - Authenticated Stored Cross-Site Scripting via Hex Parameter
CVSS 6.4
CVE-2025-5123 MEDIUM
Contact Us Page - Contact People <= 3.7.4 - Authenticated Stored Cross-Site Scripting via Style Parameter
CVSS 6.4
CVE-2025-4586 MEDIUM
IRM Newsroom <= 1.2.19 - Authenticated Stored Cross-Site Scripting via irmcalendarview Shortcode
CVSS 6.4
CVE-2025-4585 MEDIUM
IRM Newsroom <= 1.2.19 - Authenticated Stored Cross-Site Scripting via irmflat Shortcode
CVSS 6.4
CVE-2025-4584 MEDIUM
IRM Newsroom <= 1.2.19 - Authenticated Stored Cross-Site Scripting via irmeventlist Shortcode
CVSS 6.4
CVE-2025-44091 MEDIUM
yangyouwang crud v1.0.0 - Cross-Site Scripting in Role Management Function
CVSS 5.4
CVE-2025-4417 MEDIUM
AVEVA PI Connector for CygNet <1.6.14 - XSS
CVSS 5.5
CVE-2025-2745 MEDIUM
AVEVA PI Web API < 2023 SP1 - Authenticated Stored Cross-Site Scripting via Annotation Attachments
CVSS 6.5
CVE-2025-49579 MEDIUM
Citizen < 3.3.1 - Stored Cross-Site Scripting via Menu.mustache Template
CVSS 6.5
CVE-2025-49578 MEDIUM
Citizen < 3.3.1 - Stored Cross-Site Scripting via Language::userDate Date Messages
CVSS 6.5
CVE-2025-49577 MEDIUM
starcitizen.tools/citizen < 3.3.1 - Stored Cross-Site Scripting via Preferences Messages
CVSS 6.5
CVE-2025-49576 MEDIUM
Citizen < 3.3.1 - Stored Cross-Site Scripting via Search No-Results Messages
CVSS 6.5
Details
Vulnerabilities 45,147
Exploit Likelihood High