CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,198 vulnerabilities with CWE-79
CVE-2025-32427 MEDIUM
Formie < 2.1.44 - Cross-Site Scripting in Form Import Preview
CVSS 5.4
CVE-2025-32426 MEDIUM
Formie < 2.1.44 - Stored Cross-Site Scripting in Email Notification Preview
CVSS 4.6
CVE-2025-3421 MEDIUM
Everest Forms < 3.1.1 - Unauthenticated Reflected Cross-Site Scripting via form_id Parameter
CVSS 6.1
CVE-2025-2575 MEDIUM
Z Companion <= 1.1.1 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2025-2541 MEDIUM
WP Project Manager < 2.6.23 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2025-3434 HIGH
SMTP for Amazon SES - YaySMTP <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs
CVSS 7.2
CVE-2025-32632 HIGH
KaizenCoders Automatic Ban IP <1.0.7 - XSS
CVSS 7.1
CVE-2025-32601 HIGH
Twispay Credit Card Payments <2.1.2 - XSS
CVSS 7.1
CVE-2025-32600 HIGH
Tournamatch <= 4.7.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32599 HIGH
miunosoft Task Scheduler <1.6.3 - XSS
CVSS 7.1
CVE-2025-32598 HIGH
WP Table Builder <= 2.0.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32586 HIGH
ABA PayWay Payment Gateway <2.1.3 - XSS
CVSS 7.1
CVE-2025-32553 HIGH
Magnigenie RestroPress <3.1.8.4 - XSS
CVSS 7.1
CVE-2025-32551 HIGH
Jaap Jansma Connector to CiviCRM <1.0.8 - XSS
CVSS 7.1
CVE-2025-32541 HIGH
WooCommerce Sales MIS Report <4.0.3 - XSS
CVSS 7.1
CVE-2025-32539 HIGH
WooCommerce - Store Exporter <2.7.4 - XSS
CVSS 7.1
CVE-2025-32538 HIGH
dev02ali Easy Post Duplicator <1.0.1 - XSS
CVSS 7.1
CVE-2025-32537 HIGH
Rachel Cherry Lock Your Updates <1.1 - XSS
CVSS 7.1
CVE-2025-32536 HIGH
Sandeep Verma HTML5 Video Player <2.50 - XSS
CVSS 7.1
CVE-2025-32534 HIGH
Workbox Video from Vimeo & Youtube <= 3.2.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32525 HIGH
Interactive Geo Maps <= 1.6.24 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32524 HIGH
MyWorks WooCommerce Sync <2.9.1 - XSS
CVSS 7.1
CVE-2025-32523 HIGH
Payphone WooCommerce - Payphone Gateway <3.2.0 - XSS
CVSS 7.1
CVE-2025-32517 HIGH
SCAND MultiMailer <= 1.0.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31379 HIGH
Insert HTML Here <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities 45,198
Exploit Likelihood High