CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,211 vulnerabilities with CWE-79
CVE-2025-0272 MEDIUM
HCL DevOps Deploy 8.0.0.0-8.0.1.4 and HCL Launch 7.0.0.0-7.0.5.25 - HTML Injection in Web UI
CVSS 5.4
CVE-2025-3157 LOW
Intelbras WRN 150 1.0.15_pt_ITB01 - XSS
CVSS 2.4
CVE-2025-31907 HIGH
Labib Ahmed Team Builder <1.3 - XSS
CVSS 7.1
CVE-2025-31905 HIGH
Team Rosters <= 4.7 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31903 HIGH
NotFound XV Random Quotes <1.37 - XSS
CVSS 7.1
CVE-2025-31902 HIGH
Social Share And Social Locker <1.4.1 - XSS
CVSS 7.1
CVE-2025-31901 HIGH
Digihood HTML Sitemap <= 3.1.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31900 HIGH
Lexicata <= 1.0.16 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31899 HIGH
Awesome Logos <= 1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31898 HIGH
MediaView <= 1.1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31893 MEDIUM
Cheesefather Botnet Attack Blocker <2.0.0 - XSS
CVSS 6.5
CVE-2025-31626 HIGH
M. Ali Saleem Support Helpdesk Ticket System Lite <4.5.2 - XSS
CVSS 7.1
CVE-2025-31622 MEDIUM
Utkarsh Kukreti Advanced Typekit <1.0.1 - XSS
CVSS 6.5
CVE-2025-31582 HIGH
Ashish Ajani Contact Form vCard Generator <2.4 - XSS
CVSS 7.1
CVE-2025-31573 HIGH
PeproDev CF7 Database <= 2.0.0 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-31536 HIGH
Moshensky CF7 Spreadsheets <2.3.2 - XSS
CVSS 7.1
CVE-2025-31468 HIGH
WP_Identicon <= 2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31467 HIGH
Flickr Photostream <= 3.1.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31442 HIGH
NotFound Search engine keywords highlighter <0.1.3 - XSS
CVSS 7.1
CVE-2025-31436 HIGH
Blubrry PowerPress Podcasting <0.1.1 - XSS
CVSS 7.1
CVE-2025-31091 MEDIUM
CM Header and Footer <= 1.2.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-30858 HIGH
Tribulant Software Snow Storm <1.4.6 - XSS
CVSS 7.1
CVE-2025-30616 HIGH
NotFound Latest Custom Post Type Updates - XSS
CVSS 7.1
CVE-2025-30611 HIGH
Wptobe-signinup <= 1.1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-2946 CRITICAL
pgAdmin <= 9.1 - Cross-Site Scripting via Query Result Rendering
CVSS 9.1
Details
Vulnerabilities 45,211
Exploit Likelihood High