CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,198 vulnerabilities with CWE-79
CVE-2025-26745 MEDIUM
RS Elements Elementor Addon <1.1.5 - XSS
CVSS 6.5
CVE-2025-26744 MEDIUM
JetBlog <= 2.4.3 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-26743 HIGH
TC.K Advance WP Query Search Filter <1.0.10 - XSS
CVSS 7.1
CVE-2025-2083 MEDIUM
Logo Carousel Gutenberg Block <2.1.6 - XSS
CVSS 6.4
CVE-2025-2225 MEDIUM
Responsive Addons for Elementor < 1.6.9 - Authenticated Stored Cross-Site Scripting via rael_title_tag Parameter
CVSS 6.4
CVE-2025-3573 MEDIUM
jquery-validation < 1.20.0 - Cross-Site Scripting via showLabel Function
CVSS 6.1
CVE-2025-3613 LOW
Demtec Graphytics 5.0.7 - Cross-Site Scripting via Visualization Description Parameter
CVSS 3.5
CVE-2025-3612 MEDIUM
Demtec Graphytics 5.0.7 - Cross-Site Scripting via HTTP GET Parameter Handler
CVSS 4.3
CVE-2025-3592 LOW
My-Blog-layui 1.0 - Cross-Site Scripting in /admin/v1/link/edit
CVSS 3.5
CVE-2025-3591 LOW
ZHENFENG13 My-Blog-layui 1.0 - Cross-Site Scripting in /admin/v1/blog/edit
CVSS 3.5
CVE-2025-22373 HIGH
SicommNet BASEC >= 14 Dec 2021 - Reflected Cross-Site Scripting via HTTP Query Strings
CVE-2025-3570 LOW
JamesZBL db-hospital-drug 1.0 - Cross-Site Scripting in ContentController Save Function
CVSS 3.5
CVE-2025-2161 HIGH
Pega Platform 7.2.1-8.5.5 - Stored Cross-Site Scripting in Mashup
CVSS 7.1
CVE-2025-2160 HIGH
Pega Platform 8.4.3-Infinity 24.2.1 - Cross-Site Scripting in Mashup
CVSS 8.1
CVE-2025-3568 LOW
Webkul Krayin CRM <= 2.1.0 - Cross-Site Scripting in SVG File Handler
CVSS 3.5
CVE-2025-3560 LOW
ghostxbh uzy-ssm-mall 1.0.0 - Cross-Site Scripting via product_name Parameter
CVSS 3.5
CVE-2025-3554 MEDIUM
phpshe 1.8 - Cross-Site Scripting via api.php?mod=cron&act=buyer Parameter
CVSS 4.3
CVE-2025-3423 MEDIUM
IBM Aspera Faspex 5.0.0-5.0.11 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-3533 MEDIUM
YouDianCMS 9.5.21 - Cross-Site Scripting via Parent Argument in Channel Index
CVSS 4.3
CVE-2025-3532 MEDIUM
YouDianCMS 9.5.21 - Cross-Site Scripting via OrderNumber Parameter
CVSS 4.3
CVE-2025-3531 MEDIUM
YouDianCMS 9.5.21 - Cross-Site Scripting via UserName/LogType Argument
CVSS 4.3
CVE-2025-1456 MEDIUM
Royal Elementor Addons < 1.7.1013 - Authenticated Stored XSS via widget Methods
CVSS 6.4
CVE-2025-1455 MEDIUM
Royal Elementor Addons < 1.7.1013 - Authenticated Stored Cross-Site Scripting via Woo Grid Widget
CVSS 6.4
CVE-2025-3276 MEDIUM
SKT Blocks - Gutenberg based Page Builder <= 1.9 - Authenticated Stored Cross-Site Scripting via Post Carousel Block
CVSS 6.4
CVE-2025-2269 MEDIUM
The Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin f...
CVSS 6.1
Details
Vulnerabilities 45,198
Exploit Likelihood High