CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,211 vulnerabilities with CWE-79
CVE-2025-2299 MEDIUM
LuckyWP Table of Contents <= 2.1.10 - Cross-Site Request Forgery via ajaxEdit Function
CVSS 6.1
CVE-2025-3152 LOW
caipeichao ThinkOX 1.0 - Cross-Site Scripting via Search Keywords Parameter
CVSS 3.5
CVE-2025-3149 LOW
itning Student Homework Management System <= 1.2.7 - Cross-Site Scripting via Edit Job Page Course Parameter
CVSS 2.4
CVE-2025-2874 MEDIUM
User Submitted Posts - WordPress <20240319 - XSS
CVSS 4.4
CVE-2025-1663 MEDIUM
Unlimited Elements For Elementor <= 1.5.142 - Authenticated Stored Cross-Site Scripting via Widget Input
CVSS 6.4
CVE-2025-2055 MEDIUM
MapPress Maps for WordPress < 2.94.9 - Authenticated Stored Cross-Site Scripting
CVSS 6.8
CVE-2025-3153 MEDIUM
Concrete CMS < 8.5.20 and 9.0.0-9.4.0RC2 - Cross-Site Request Forgery and Cross-Site Scripting in Address Attribute
CVSS 6.5
CVE-2025-3130 MEDIUM
Drupal Obfuscate < 2.0.1 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-27608 LOW
Arduino IDE < 2.3.5 - Self Cross-Site Scripting via Additional Board Manager URLs Field
CVE-2025-29719 MEDIUM
SourceCodester Employee Management System 1.0 - Stored Cross-Site Scripting via First Name and Address Fields
CVSS 6.1
CVE-2025-31286 MEDIUM
Trend Vision One - HTML Injection
CVSS 4.6
CVE-2025-20203 MEDIUM
Cisco EPNM/Prime Infrastructure - XSS
CVSS 4.8
CVE-2025-20120 MEDIUM
Cisco EPNM/Prime Infrastructure - XSS
CVSS 6.1
CVE-2025-30090 HIGH
SquirrelMail <1.4.23-svn-20250401, <1.5.2-svn-20250401 - XSS
CVSS 7.2
CVE-2025-3098 MEDIUM
Video Url <= 1.0.0.3 - Unauthenticated Reflected Cross-Site Scripting via 'id' Parameter
CVSS 6.1
CVE-2025-3097 MEDIUM
WordPress wp Time Machine <3.4.0 - CSRF
CVSS 6.1
CVE-2025-2513 MEDIUM
Smart Icons For WordPress <1.0.5 - XSS
CVSS 6.4
CVE-2025-2483 MEDIUM
Gift Certificate Creator <1.1.0 - XSS
CVSS 6.1
CVE-2025-27693 MEDIUM
Dell Wyse Management Suite < 5.1 - Authenticated Stored Cross-Site Scripting
CVSS 4.9
CVE-2025-31889 MEDIUM
petesheppard84 Extensions for Elementor <2.0.40 - XSS
CVSS 6.5
CVE-2025-31819 MEDIUM
Pixelgrade Nova Blocks <2.1.8 - XSS
CVSS 6.5
CVE-2025-31594 HIGH
WPglob Auto scroll for reading <= 1.1.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31578 HIGH
Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts - XSS
CVSS 7.1
CVE-2025-31571 HIGH
The Logo Slider <= 1.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31568 HIGH
LeadLab by wiredminds <= 1.3 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities 45,211
Exploit Likelihood High