CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,198 vulnerabilities with CWE-79
CVE-2025-31378 HIGH
Oppso Unit Converter <= 1.1.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31028 HIGH
NotFound WP Hide Categories <1.0 - XSS
CVSS 7.1
CVE-2025-31021 HIGH
Mobile Smart <= v1.3.16 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32809 MEDIUM
W. W. Norton InQuizitive < 2025-04-08 - Stored Cross-Site Scripting via Bonus Description or Feedback Parameter
CVSS 6.4
CVE-2025-3469 NONE
MediaWiki <1.39.12, 1.42.6, 1.43.1 - XSS
CVE-2025-32699 LOW
MediaWiki <1.39.12, 1.42.6, 1.43.1 - Code Injection
CVE-2025-32027 MEDIUM
Yii < 1.1.31 - Reflected Cross-Site Scripting via Fallback Error Renderer
CVSS 6.1
CVE-2025-32391 MEDIUM
HedgeDoc < 1.10.3 - Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2025-30148 MEDIUM
Silverstripe Framework <5.3.23 - XSS
CVSS 5.4
CVE-2025-25197 MEDIUM
Silverstripe Elemental <5.3.12 - XSS
CVSS 5.4
CVE-2025-27350 HIGH
Hugh Mungus Vice Versa <2.2.3 - XSS
CVSS 7.1
CVE-2025-32214 MEDIUM
Hive Support <= 1.2.11 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-32199 MEDIUM
eyale-vc Contact Form Builder <4.10.2 - XSS
CVSS 6.5
CVE-2025-32198 MEDIUM
Brizy <= 2.7.7 - Cross-Site Scripting
CVSS 6.5
CVE-2025-32139 MEDIUM
FooBox Image Lightbox <2.7.33 - XSS
CVSS 5.9
CVE-2025-32116 HIGH
Studi7 QR Master <= 1.0.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32115 HIGH
OTWthemes Popping Content Light <2.4 - XSS
CVSS 7.1
CVE-2025-32114 HIGH
5sterrenspecialist WordPress Plugin <= 1.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-3489 MEDIUM
Nababur Simple-User-Management-System 1.0 - Cross-Site Scripting via Register.php Name/Username Parameter
CVSS 4.3
CVE-2025-29018 MEDIUM
Code Astro Internet Banking System 2.0.0 - Stored Cross-Site Scripting via Name Parameter
CVSS 4.8
CVE-2025-32690 MEDIUM
PowerPress Podcasting <11.12.5 - XSS
CVSS 6.5
CVE-2025-32683 MEDIUM
RomanCode MapSVG Lite <8.5.32 - XSS
CVSS 6.5
CVE-2025-32680 MEDIUM
Grade Us, Inc. Review Stream <1.6.7 - XSS
CVSS 5.9
CVE-2025-32640 MEDIUM
Elementor One Click Accessibility <3.1.0 - XSS
CVSS 5.9
CVE-2025-32581 HIGH
Ankit Singla WordPress Spam Blocker <2.0.4 - XSS
CVSS 7.1
Details
Vulnerabilities 45,198
Exploit Likelihood High