CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,198 vulnerabilities with CWE-79
CVE-2025-30970 HIGH
Easy Contact <= 0.1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-29471 HIGH
Nagios Log Server 2024R1.3.1 - Cross-Site Scripting via Email Field
CVSS 8.3
CVE-2025-26998 MEDIUM
SKT Blocks <= 1.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26951 MEDIUM
C9 Blocks <= 1.7.7 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-26950 MEDIUM
AddonsPress Nepali Date Converter <2.0.8 - XSS
CVSS 6.5
CVE-2025-26934 MEDIUM
Glossy Blog <= 1.0.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26930 MEDIUM
Alleythemes Home Services <1.2.6 - XSS
CVSS 6.5
CVE-2025-26919 MEDIUM
Tain < 0.2.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26906 MEDIUM
Ren Ventura WP Delete User Accounts <1.2.3 - XSS
CVSS 6.5
CVE-2025-26880 MEDIUM
sonalsinha21 SKT Skill Bar <2.3 - XSS
CVSS 6.5
CVE-2025-26870 MEDIUM
JetEngine <= 3.6.4.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-26749 MEDIUM
WPFactory Additional Custom Product Tabs for WooCommerce <1.7.0 - XSS
CVSS 6.5
CVE-2025-26746 HIGH
NotFound Advanced Custom Fields: Link Picker Field <1.2.8 - XSS
CVSS 7.1
CVE-2025-26740 MEDIUM
SpaBiz <= 1.0.18 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-24297 CRITICAL
Growatt Cloud Portal < 3.6.0 - Stored Cross-Site Scripting
CVSS 9.8
CVE-2025-22269 MEDIUM
ShapedPlugin LLC Real Testimonials <3.1.6 - XSS
CVSS 6.5
CVE-2025-22268 MEDIUM
Uncanny Toolkit for LearnDash <3.7.0.1 - XSS
CVSS 6.5
CVE-2025-22263 HIGH
Global Gallery < 8.8.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30511 HIGH
Growatt Cloud Portal <= 3.6.0 - Stored XSS
CVSS 8.8
CVE-2025-29280 MEDIUM
PerfreeBlog 4.0.11 - Stored Cross-Site Scripting in Website Name Field
CVSS 4.8
CVE-2025-31011 HIGH
ReichertBrothers SimplyRETS <3.0.3 - XSS
CVSS 7.1
CVE-2025-30962 HIGH
FS Poster <= 6.5.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26992 HIGH
Landing Page Cat <= 1.7.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26982 MEDIUM
DSGVO Youtube <= 1.5.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-26954 HIGH
ZooEffect <= 1.11 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities 45,198
Exploit Likelihood High