CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,153 vulnerabilities with CWE-79
CVE-2025-4577 MEDIUM
Smash Balloon Social Post Feed < 4.3.1 - Authenticated Stored Cross-Site Scripting via Data-Color Attribute
CVSS 6.4
CVE-2025-2918 MEDIUM
The Ultimate Blocks - WordPress Blocks Plugin <3.3.3 - XSS
CVSS 6.4
CVE-2025-5742 MEDIUM
Schneider Electric EVLink WallBox - Authenticated Stored Cross-Site Scripting via Configuration Parameters
CVSS 5.4
CVE-2025-3905 MEDIUM
Schneider Electric Modicon Controllers M241/M251 < 5.3.12.51 and M258/LMC058 - Authenticated Cross-Site Scripting
CVSS 5.4
CVE-2025-3899 MEDIUM
Modicon Controllers M241/M251 - Authenticated Stored Cross-Site Scripting in Certificates Page
CVSS 5.4
CVE-2025-3117 MEDIUM
Modicon Controllers M241/M251 < 5.3.12.51 and M262 < 5.3.9.18 - Authenticated Cross-Site Scripting
CVSS 5.4
CVE-2025-3076 MEDIUM
Elementor Website Builder Pro <= 3.29.0 - Authenticated Stored Cross-Site Scripting via Button Text Parameter
CVSS 6.4
CVE-2025-42990 LOW
SAPUI5 applications - Cross-Site Scripting
CVSS 3.0
CVE-2025-31325 MEDIUM
SAP NetWeaver (ABAP Keyword Documentation) < SAP_BASIS 758 - XSS via Unprotected Parameter
CVSS 5.8
CVE-2025-23192 HIGH
SAP BusinessObjects Business Intelligence - Unauthenticated Stored Cross-Site Scripting in BI Workspace
CVSS 8.2
CVE-2025-49137 HIGH
PSU Haxcms-nodejs < 11.0.0 - Basic XSS
CVSS 8.5
CVE-2025-5887 LOW
jsnjfz WebStack-Guns 1.0 - Cross-Site Scripting via File Upload Argument
CVSS 3.5
CVE-2025-46041 MEDIUM
Anchor CMS 0.12.7 - Stored Cross-Site Scripting via Page Description Field
CVSS 5.4
CVE-2025-45002 MEDIUM
vigybag < 1.0 - Cross-Site Scripting via Profile Picture Upload
CVSS 5.4
CVE-2025-5886 LOW
emlog < 2.5.7 - Cross-Site Scripting via active_post Argument in /admin/article.php
CVSS 3.5
CVE-2025-48279 HIGH
WC MyParcel Belgium 4.5.5-beta - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-48143 HIGH
Formulario de contacto SalesUp! <= 1.0.14 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-47598 MEDIUM
History Log by click5 <= 1.0.13 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-47487 HIGH
moreconvert MC Woocommerce Wishlist <1.9.1 - XSS
CVSS 7.1
CVE-2025-47477 HIGH
Backup and Staging by WP Time Capsule <= 1.22.23 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-46178 MEDIUM
cloudclassroom-php_project - Stored Cross-Site Scripting via askquery.php eid Parameter
CVSS 6.1
CVE-2025-45055 MEDIUM
Silverpeas 6.4.2 - Authenticated Stored Cross-Site Scripting via SVG Event Attachment
CVSS 5.4
CVE-2025-39539 HIGH
quitenicestuff Soho Hotel <4.2.5 - XSS
CVSS 7.1
CVE-2025-32305 HIGH
WordPress FlatNews Theme <= 5.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31925 HIGH
LambertGroup SHOUT <= 3.5.3 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities 45,153
Exploit Likelihood High