CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,173 vulnerabilities with CWE-79
CVE-2025-46459 MEDIUM
Ralf Hortt Confirm User Registration <2.1.5 - XSS
CVSS 5.9
CVE-2025-46453 MEDIUM
Zoho Creator Forms < 1.0.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46451 MEDIUM
Syed Balkhi Floating Social Bar <1.1.7 - XSS
CVSS 5.9
CVE-2025-46449 HIGH
Novium WoWHead Tooltips <2.0.1 - XSS
CVSS 7.1
CVE-2025-46447 MEDIUM
Fable Extra <= 1.0.6 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-46445 MEDIUM
pReya External Markdown <0.0.1 - XSS
CVSS 6.5
CVE-2025-46438 MEDIUM
warmwhisky GTDB Guitar Tuners <4.2.2 - XSS
CVSS 6.5
CVE-2025-46261 MEDIUM
Seriously Simple Podcasting <3.9.0 - XSS
CVSS 5.9
CVE-2025-46260 MEDIUM
Sky Addons for Elementor <= 3.0.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46234 HIGH
Habibur Rahman Razib Control Listings <1.0.4.1 - XSS
CVSS 7.1
CVE-2025-39408 HIGH
EverPress BruteGuard < 0.1.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-39400 HIGH
User Registration < 4.2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-39397 HIGH
Anything Popup <= 7.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-39382 HIGH
danielpataki ACF: Google Font Selector <3.0.1 - XSS
CVSS 7.1
CVE-2025-29568 MEDIUM
Online Class and Exam Scheduling System 1.0 - Cross-Site Scripting via class Parameter
CVSS 4.8
CVE-2025-3832 MEDIUM
FuseDesk plugin - WordPress <6.7 - XSS
CVSS 6.4
CVE-2025-2579 MEDIUM
Lottie Player < 1.1.8 - Authenticated Stored Cross-Site Scripting via File Uploads
CVSS 6.4
CVE-2025-2543 MEDIUM
Advanced Accordion Gutenberg Block <5.0.1 - XSS
CVSS 6.4
CVE-2025-1453 MEDIUM
Category Posts Widget < 4.9.20 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2025-3435 MEDIUM
Mang Board WP <= 1.8.6 - Authenticated Stored Cross-Site Scripting via board_header and board_footer Parameters
CVSS 4.4
CVE-2025-3902 MEDIUM
Drupal Block Class 4.0.0-4.0.1 - Cross-Site Scripting
CVSS 6.1
CVE-2025-3901 MEDIUM
Drupal Bootstrap Site Alert <1.13.0-3.0.4 - XSS
CVSS 6.1
CVE-2025-3900 MEDIUM
Colorbox < 2.1.3 - Cross-Site Scripting
CVSS 6.1
CVE-2025-2767 CRITICAL
Arista NG Firewall - Remote Code Execution via User-Agent HTTP Header
CVSS 9.6
CVE-2025-29526 MEDIUM
Q4 Inc Investor Relations Platform <5.147.1.2 - XSS
CVSS 6.1
Details
Vulnerabilities 45,173
Exploit Likelihood High