CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,157 vulnerabilities with CWE-79
CVE-2025-2929 HIGH
Order Delivery Date WP <12.4.0 - XSS
CVSS 7.1
CVE-2025-47946 MEDIUM
Symfony UX < 2.25.1 - Cross-Site Scripting via ComponentAttributes Rendering
CVSS 6.1
CVE-2025-39393 HIGH
Hospital Management System <= 47.0(20-11-2023) - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-39392 HIGH
mojoomla WPAMS <= 44.0 (17-08-2023) - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-39372 HIGH
elbisnero WordPress Events Calendar Registration & Tickets <2.6.0 -...
CVSS 7.1
CVE-2025-39365 HIGH
wProject < 5.8.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31027 HIGH
jocoxdesign Tiger < 2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-43839 HIGH
BP Messages Tool <= 2.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-43837 HIGH
binti76 Total Donations <3.0.8 - XSS
CVSS 7.1
CVE-2025-43836 HIGH
confuzzledduck Syndicate Out <0.9 - XSS
CVSS 7.1
CVE-2025-43832 HIGH
andreyk Remote Images Grabber <0.6 - XSS
CVSS 7.1
CVE-2025-39446 HIGH
Booster Plus for WooCommerce <= 7.2.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-39409 HIGH
pressaholic WordPress Video Robot <1.20.0 - XSS
CVSS 7.1
CVE-2025-39407 HIGH
Caseproof LLC Memberpress <1.12.0 - XSS
CVSS 7.1
CVE-2025-43841 MEDIUM
WP Vegas <= 2.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-43834 MEDIUM
cookieBAR <= 1.7.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-39450 MEDIUM
Crocoblock JetTabs <= 2.2.7 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-39448 MEDIUM
Crocoblock JetElements For Elementor <2.7.4.1 - XSS
CVSS 6.5
CVE-2025-26997 HIGH
Wireless Butler <= 1.0.11 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-46543 MEDIUM
Charly Leetham Enhanced Paypal Shortcodes <0.5a - XSS
CVSS 6.5
CVE-2025-46263 MEDIUM
Lloyd Saunders Author Box <1.6 - XSS
CVSS 6.5
CVE-2025-46262 MEDIUM
Mad Mimi for WordPress <1.5.1 - XSS
CVSS 6.5
CVE-2025-39369 MEDIUM
Posts for Page <= 2.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-4939 MEDIUM
PHPGurukul Credit Card Application Management System 1.0 - Stored Cross-Site Scripting in /admin/new-ccapplication.php
CVSS 4.3
CVE-2025-32920 MEDIUM
TemplateInvaders TI WooCommerce Wishlist <2.10.0 - XSS
CVSS 6.5
Details
Vulnerabilities 45,157
Exploit Likelihood High