CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,190 vulnerabilities with CWE-79
CVE-2025-46260 MEDIUM
Sky Addons for Elementor <= 3.0.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46234 HIGH
Habibur Rahman Razib Control Listings <1.0.4.1 - XSS
CVSS 7.1
CVE-2025-39408 HIGH
EverPress BruteGuard < 0.1.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-39400 HIGH
User Registration < 4.2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-39397 HIGH
Anything Popup <= 7.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-39382 HIGH
danielpataki ACF: Google Font Selector <3.0.1 - XSS
CVSS 7.1
CVE-2025-29568 MEDIUM
Online Class and Exam Scheduling System 1.0 - Cross-Site Scripting via class Parameter
CVSS 4.8
CVE-2025-3832 MEDIUM
FuseDesk plugin - WordPress <6.7 - XSS
CVSS 6.4
CVE-2025-2579 MEDIUM
Lottie Player < 1.1.8 - Authenticated Stored Cross-Site Scripting via File Uploads
CVSS 6.4
CVE-2025-2543 MEDIUM
Advanced Accordion Gutenberg Block <5.0.1 - XSS
CVSS 6.4
CVE-2025-1453 MEDIUM
Category Posts Widget < 4.9.20 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2025-3435 MEDIUM
Mang Board WP <= 1.8.6 - Authenticated Stored Cross-Site Scripting via board_header and board_footer Parameters
CVSS 4.4
CVE-2025-3902 MEDIUM
Drupal Block Class 4.0.0-4.0.1 - Cross-Site Scripting
CVSS 6.1
CVE-2025-3901 MEDIUM
Drupal Bootstrap Site Alert <1.13.0-3.0.4 - XSS
CVSS 6.1
CVE-2025-3900 MEDIUM
Colorbox < 2.1.3 - Cross-Site Scripting
CVSS 6.1
CVE-2025-2767 CRITICAL
Arista NG Firewall - Remote Code Execution via User-Agent HTTP Header
CVSS 9.6
CVE-2025-29526 MEDIUM
Q4 Inc Investor Relations Platform <5.147.1.2 - XSS
CVSS 6.1
CVE-2025-2703 MEDIUM
Grafana 11.2.0-11.6.0 - Authenticated DOM Cross-Site Scripting via XY Chart Panel
CVSS 6.8
CVE-2025-1054 MEDIUM
UiCore Elements - WordPress <1.0.16 - XSS
CVSS 6.4
CVE-2025-26159 MEDIUM
laravel-starter < 11.11.0 - Stored Cross-Site Scripting in Tags Feature
CVSS 6.1
CVE-2025-43952 MEDIUM
Mettler Toledo FreeWeight.Net <8.4.0 - XSS
CVSS 6.1
CVE-2025-32961 MEDIUM
Com.haulmont.addon.jpawebapi Jpawebapi-jpawebapi < 1.1.1 - XSS
CVSS 6.4
CVE-2025-32960 MEDIUM
CUBA REST API < 7.2.7 - Stored Cross-Site Scripting via File Path Manipulation
CVSS 6.4
CVE-2025-32951 MEDIUM
Haulmont Cuba Platform < 7.2.23 - XSS
CVSS 6.4
CVE-2025-23175 MEDIUM
TCExam - Cross-Site Scripting
CVSS 6.1
Details
Vulnerabilities 45,190
Exploit Likelihood High