CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,169 vulnerabilities with CWE-79
CVE-2025-47476 MEDIUM
add-ons.org Cost Calculator for Elementor <1.3.3 - XSS
CVSS 6.5
CVE-2025-47475 MEDIUM
artbees JupiterX Core <4.8.11 - XSS
CVSS 6.5
CVE-2025-47449 MEDIUM
Jordy Meow Meow Gallery <5.2.7 - XSS
CVSS 5.9
CVE-2025-47443 MEDIUM
wpdevart Widget Countdown <2.7.4 - XSS
CVSS 6.5
CVE-2025-47442 MEDIUM
CC BMI Calculator <= 2.1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-47441 MEDIUM
Chris Reynolds Progress Bar <2.2.3 - XSS
CVSS 6.5
CVE-2025-29602 MEDIUM
flatpress < 1.3.1 - Cross-Site Scripting in Administration Area via Manage Categories
CVSS 6.1
CVE-2025-29152 HIGH
lemeconsultoria HCM galera.app 4.58.0 - Stored Cross-Site Scripting via Multiple Components
CVSS 7.6
CVE-2025-39361 MEDIUM
Royal Elementor Addons <= 1.7.1017 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-4171 MEDIUM
WZ Followed Posts <= 3.1.0 - Authenticated Stored XSS via 'wfp' Shortcode
CVSS 6.4
CVE-2025-0667 MEDIUM
BOINC Server <= 1.4.7 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-0666 MEDIUM
BOINC Server <= 1.4.7 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-4220 MEDIUM
Xavin's List Subpages <= 1.3 - Authenticated Stored Cross-Site Scripting via 'xls' Shortcode
CVSS 6.4
CVE-2025-4055 MEDIUM
Multiple Post Type Order <1.10.0 - XSS
CVSS 6.4
CVE-2025-4054 MEDIUM
Relevanssi - A Better Search <4.24.3 - XSS
CVSS 6.1
CVE-2025-3860 MEDIUM
CarDealerPress <= 6.8.2505.00 - Authenticated Stored Cross-Site Scripting via Saleclass Parameter
CVSS 6.4
CVE-2025-4388 MEDIUM
Liferay Portal 7.4.0-7.4.3.131 & DXP 2024.Q1.1-2024.Q1.12 - Reflected XSS in Marketplace App Manager
CVSS 6.1
CVE-2025-23379 LOW
Dell Storage Manager 21.0.20 - Unauthenticated Cross-Site Scripting
CVSS 3.5
CVE-2025-0984 HIGH
Netoloji Software E-Flow <3.23.00 - XSS
CVSS 8.2
CVE-2025-3782 MEDIUM
Cision Block <= 4.3.0 - Authenticated Stored Cross-Site Scripting via ID Parameter
CVSS 6.4
CVE-2025-3020 MEDIUM
Wiesemann & Theis ERP-Gateway and Web-IO - Stored Cross-Site Scripting in Configuration Webpage
CVSS 5.4
CVE-2025-4326 LOW
MRCMS 3.1.2 - Cross-Site Scripting in Add Fragment Page
CVSS 2.4
CVE-2025-4325 LOW
MRCMS 3.1.2 - Cross-Site Scripting via Category Management Page Name Parameter
CVSS 2.4
CVE-2025-4324 LOW
MRCMS 3.1.2 - Cross-Site Scripting in External Link Management Page
CVSS 2.4
CVE-2025-4323 LOW
MRCMS 3.1.2 - Stored Cross-Site Scripting via Edit Article Page Title Parameter
CVSS 2.4
Details
Vulnerabilities 45,169
Exploit Likelihood High