CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,190 vulnerabilities with CWE-79
CVE-2025-3458 MEDIUM
Ocean Extra <= 2.4.6 - Authenticated Stored Cross-Site Scripting via ocean_gallery_id Parameter
CVSS 6.4
CVE-2025-3457 MEDIUM
Ocean Extra < 2.4.6 - Authenticated Stored Cross-Site Scripting via oceanwp_icon Shortcode
CVSS 6.4
CVE-2025-46254 MEDIUM
Visual Composer Website Builder <= 45.10.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46253 MEDIUM
GutenKit <= 2.2.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46250 MEDIUM
VPSUForm <= 3.1.14 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-46240 MEDIUM
Jeff Starr Simple Download Counter <2.2 - XSS
CVSS 6.5
CVE-2025-46239 MEDIUM
Jeff Starr Theme Switcha <3.4 - XSS
CVSS 6.5
CVE-2025-46238 MEDIUM
rbaer List Last Changes <1.2.1 - XSS
CVSS 6.5
CVE-2025-46237 MEDIUM
Yannick Lefebvre Link Library <7.8 - XSS
CVSS 6.5
CVE-2025-46236 MEDIUM
Link Software LLC HTML Forms <1.5.2 - XSS
CVSS 6.5
CVE-2025-46235 MEDIUM
sonalsinha21 SKT Blocks - Gutenberg <2.0 - XSS
CVSS 6.5
CVE-2025-46233 MEDIUM
Sirv <= 7.5.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46229 MEDIUM
Textmetrics <= 3.6.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-46228 MEDIUM
Bastien Ho Event post <5.9.11 - XSS
CVSS 6.5
CVE-2025-46227 MEDIUM
Brecht Custom Related Posts <1.7.4 - XSS
CVSS 6.5
CVE-2025-46226 MEDIUM
ferranfg MPL-Publisher <2.18.0 - XSS
CVSS 6.5
CVE-2025-46225 MEDIUM
Post in page for Elementor <= 1.0.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-3814 MEDIUM
Tax Switch for WooCommerce <1.4.2 - XSS
CVSS 6.4
CVE-2025-2839 MEDIUM
WP Import Export Lite <= 3.9.27 - Authenticated Stored Cross-Site Scripting via wpiePreviewData Function
CVSS 6.4
CVE-2025-28102 MEDIUM
flaskBlog 2.6.1 - Stored Cross-Site Scripting via Post Content Parameter
CVSS 6.1
CVE-2025-28121 MEDIUM
Online Exam Mastering System 1.0 - Cross-Site Scripting via Feedback q Parameter
CVSS 6.1
CVE-2025-3840 LOW
Saviynt OVA based Connect - Cross-Site Scripting via Login Form Action Parameter
CVE-2025-43954 MEDIUM
QMarkdown < 2.0.5 - Cross-Site Scripting via Headers
CVSS 4.9
CVE-2025-3826 LOW
Web-based Pharmacy Product Management System 1.0 - Cross-Site Scripting via txtsupplier_name/txtaddress Parameter
CVSS 2.4
CVE-2025-3825 LOW
Web-based Pharmacy Product Management System 1.0 - Cross-Site Scripting via txtcategory_name Parameter
CVSS 2.4
Details
Vulnerabilities 45,190
Exploit Likelihood High