CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,173 vulnerabilities with CWE-79
CVE-2025-2069 MEDIUM
FileZ Client < 11.0.0.10 - Cross-Site Scripting via Crafted URL
CVSS 5.0
CVE-2025-46618 LOW
JetBrains TeamCity <2025.03.1 - XSS
CVSS 3.5
CVE-2025-3643 MEDIUM
Moodle < 4.1.18 - Reflected Cross-Site Scripting in Policy Tool Return URL
CVSS 5.4
CVE-2025-2986 MEDIUM
IBM Maximo Asset Mgmt <7.6.1.3 - XSS
CVSS 5.5
CVE-2025-3870 MEDIUM
1 Decembrie 1918 <1.dec.2012 - CSRF
CVSS 6.1
CVE-2025-46482 MEDIUM
MyThemeShop WP Quiz <= 2.0.10 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-3868 MEDIUM
Custom Admin-Bar Favorites <0.1 - XSS
CVSS 6.1
CVE-2025-3867 MEDIUM
Ajax Comment Form CST <= 1.2 - Cross-Site Request Forgery and Stored Cross-Site Scripting via acform_cst_settings Page
CVSS 6.1
CVE-2025-3866 MEDIUM
WordPress Add Google +1 <1.0.0 - CSRF
CVSS 6.1
CVE-2025-2580 MEDIUM
The Contact Form by Bit Form plugin - WordPress <2.18.3 - XSS
CVSS 4.9
CVE-2025-0671 MEDIUM
Icegram Express < 5.7.50 - Authenticated Stored Cross-Site Scripting in Template Settings
CVSS 6.1
CVE-2025-3752 MEDIUM
Able Player < 1.2.1 - Authenticated Stored Cross-Site Scripting via Preload Parameter
CVSS 6.4
CVE-2025-46595 MEDIUM
Backdrop CMS Flag < 1.x-3.6.2 - Cross-Site Scripting via Flag Link Injection
CVSS 6.4
CVE-2025-46545 MEDIUM
Sherpa Orchestrator 141851 - Stored Cross-Site Scripting via License Name Parameter
CVSS 4.4
CVE-2025-3749 MEDIUM
WordPress Breeze Display <1.2.3 - XSS
CVSS 6.4
CVE-2025-1294 HIGH
eForm - WordPress Form Builder <4.18.0 - XSS
CVSS 7.2
CVE-2025-43861 MEDIUM
ManageWiki < 2025-04-24 - Authenticated Stored Cross-Site Scripting in Review Dialog
CVSS 4.4
CVE-2025-46542 MEDIUM
ThemeXpert Xpert Tab <= 1.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46541 MEDIUM
WP-reCAPTCHA-bp <= 4.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-46540 MEDIUM
GNA Search Shortcode <= 0.9.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46538 MEDIUM
webplanetsoft Inline Text Popup <1.0.0 - XSS
CVSS 6.5
CVE-2025-46536 MEDIUM
Carousel-of-post-images <1.07 - XSS
CVSS 6.5
CVE-2025-46534 MEDIUM
DanielRiera Image Style Hover <1.0.7 - XSS
CVSS 6.5
CVE-2025-46533 MEDIUM
Landing pages and Domain aliases for WordPress <= 0.8 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-46532 MEDIUM
Haris Zulfiqar Tooltip <1.0.1 - XSS
CVSS 6.5
Details
Vulnerabilities 45,173
Exploit Likelihood High