CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,198 vulnerabilities with CWE-79
CVE-2025-32580 HIGH
Debounce Email Validator <5.7.1 - XSS
CVSS 7.1
CVE-2025-32570 HIGH
ChillPay WooCommerce <= 2.5.3 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-32543 HIGH
hivedigital Canonical Attachments <1.7 - XSS
CVSS 7.1
CVE-2025-32503 HIGH
Jose Conti Link Shield <0.5.4 - XSS
CVSS 7.1
CVE-2025-32495 MEDIUM
Joe Waymark <= 1.5.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-32493 MEDIUM
VibeThemes BP Social Connect <1.6.2 - XSS
CVSS 5.9
CVE-2025-32492 MEDIUM
Eliot Akira Admin Menu Post List <2.0.7 - XSS
CVSS 5.9
CVE-2025-32489 MEDIUM
Tim Wetterwarner < 2.7.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-32488 MEDIUM
Aria Font <= 1.4 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-32483 MEDIUM
Scott Salisbury Request Call Back <1.4.1 - XSS
CVSS 5.9
CVE-2025-31394 HIGH
More Mime Type Filters <= 0.3 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-31035 MEDIUM
Benjamin Chris WP Editor <10.2.1 - XSS
CVSS 5.9
CVE-2025-31020 MEDIUM
Webliberty Simple Spoiler <1.4 - XSS
CVSS 6.5
CVE-2025-31017 MEDIUM
Nav Menu Manager <= 3.2.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31008 MEDIUM
YouTube Embed <= 5.3.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-32379 MEDIUM
koa < 2.16.1 and < 3.0.0-alpha.5 - Cross-Site Scripting via ctx.redirect()
CVSS 5.0
CVE-2025-29389 MEDIUM
PbootCMS v3.2.9 - Stored Cross-Site Scripting in Admin Content Management
CVSS 6.1
CVE-2025-3100 MEDIUM
WP Project Manager < 2.6.23 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2025-30292 MEDIUM
ColdFusion 2023.12 2021.18 2025.0 and earlier - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-27205 MEDIUM
Adobe Experience Manager Screens <FP11.3 - XSS
CVSS 5.4
CVE-2025-32211 MEDIUM
Broadstreet Ads <= 1.52.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-32117 HIGH
OTWthemes Widgetize Pages Light <3.0 - XSS
CVSS 7.1
CVE-2025-27442 MEDIUM
Zoom Meeting SDK < 6.3.10 and Rooms < 6.4.0 - Unauthenticated Cross-Site Scripting
CVSS 4.6
CVE-2025-27441 MEDIUM
Zoom Meeting SDK < 6.3.10 and Rooms < 6.4.0 - Unauthenticated Cross-Site Scripting
CVSS 4.6
CVE-2025-27084 MEDIUM
AOS-10 GW/AOS-8 Controller/Mobility Conductor - XSS
CVSS 5.4
Details
Vulnerabilities 45,198
Exploit Likelihood High