CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,211 vulnerabilities with CWE-79
CVE-2025-31766 MEDIUM
PhotoShelter Blog Feed Plugin <1.5.7 - XSS
CVSS 6.5
CVE-2025-31764 MEDIUM
Cache control by Cacholong <= 5.4.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-31762 MEDIUM
Sheet2Site <= 1.0.18 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31761 MEDIUM
DEJAN Hypotext <= 1.0.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31760 MEDIUM
SnapWidget Social Photo Feed Widget <1.1.0 - XSS
CVSS 6.5
CVE-2025-31759 MEDIUM
Boo Recipes <= 2.4.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31754 MEDIUM
DobsonDev Shortcodes <= 2.1.12 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31750 MEDIUM
Breaking News WP <= 1.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-31749 MEDIUM
WPelite HMH Footer Builder For Elementor - XSS
CVSS 6.5
CVE-2025-31748 MEDIUM
Opal Portfolio <= 1.0.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31747 MEDIUM
WP Chrono <= 1.5.4 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-31745 MEDIUM
Arni Cinco Subscription Form <1.0.9 - XSS
CVSS 6.5
CVE-2025-31744 MEDIUM
Lightweight and Responsive Youtube Embed <= 1.0.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31743 MEDIUM
wpszaki Lightweight & Responsive Youtube Embed <1.0.0 - XSS
CVSS 6.5
CVE-2025-31742 MEDIUM
PixelDima Dima Take Action <1.0.5 - XSS
CVSS 5.9
CVE-2025-31741 MEDIUM
Easy Magazine <= 2.1.13 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-31740 MEDIUM
aThemeArt News, Magazine and Blog Elements <1.3 - XSS
CVSS 6.5
CVE-2025-31738 MEDIUM
LeadQuizzes <= 1.1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31737 MEDIUM
dxladner Client Showcase <1.2.0 - XSS
CVSS 6.5
CVE-2025-31735 MEDIUM
Footnotes for WordPress <= 2016.1230 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31734 MEDIUM
Syed Balkhi Simple Post Expiration <1.0.2 - XSS
CVSS 6.5
CVE-2025-31733 MEDIUM
WP Sitemap <= 1.0.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31731 MEDIUM
Philip John Author Bio Shortcode <2.5.3 - XSS
CVSS 6.5
CVE-2025-31730 MEDIUM
DigitalCourt Marketer Addons <1.0.1 - XSS
CVSS 6.5
CVE-2025-31121 MEDIUM
OpenEMR < 7.0.3.1 - Stored Cross-Site Scripting via EXIF Title in Patient Image
CVSS 5.4
Details
Vulnerabilities 45,211
Exploit Likelihood High