CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,217 vulnerabilities with CWE-79
CVE-2025-30006 MEDIUM
Xorcom CompletePBX < 5.2.36.1 - Reflected Cross-Site Scripting in Administrative Control Panel
CVSS 6.1
CVE-2025-30203 MEDIUM
Tuleap < 16.4-8 and < 16.5.99.1742562878 - Cross-Site Scripting via RSS Feed Widget
CVSS 4.8
CVE-2025-30149 MEDIUM
OpenEMR < 7.0.3 - Reflected Cross-Site Scripting via AJAX Script Target Parameter
CVSS 6.4
CVE-2025-29772 MEDIUM
OpenEMR < 7.0.3 - Reflected Cross-Site Scripting via hidden_subcategory Parameter
CVSS 6.1
CVE-2025-31629 MEDIUM
Infusionsoft Web Form JavaScript <= 1.1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31627 MEDIUM
Media Library Assistant <3.24 - XSS
CVSS 5.9
CVE-2025-31625 HIGH
ramanparashar Useinfluence <1.0.8 - XSS
CVSS 7.1
CVE-2025-31624 MEDIUM
LABCAT Processing Projects <1.0.2 - XSS
CVSS 6.5
CVE-2025-31621 MEDIUM
byBrick Accordion <= 1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31620 MEDIUM
carperfer CoverManager <0.0.1 - XSS
CVSS 6.5
CVE-2025-31615 HIGH
owenr88 Simple Contact Forms <1.6.4 - XSS
CVSS 7.1
CVE-2025-31614 MEDIUM
hiroprot Terms Before Download <1.0.4 - XSS
CVSS 6.5
CVE-2025-31610 MEDIUM
gingerplugins Notification Bar < 1.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-31608 MEDIUM
CookieHint WP <= 1.0.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31607 MEDIUM
flomei Simple-Audioplayer <1.1 - XSS
CVSS 6.5
CVE-2025-31605 MEDIUM
WeblineIndia Welcome Popup <1.0.10 - XSS
CVSS 5.9
CVE-2025-31598 MEDIUM
WPFactory Quantity Dynamic Pricing & Bulk Discounts for WooCommerce...
CVSS 6.5
CVE-2025-31597 MEDIUM
crazycric Ultimate Live Cricket WordPress Lite <1.4.2 - XSS
CVSS 6.5
CVE-2025-31595 MEDIUM
wpdiscover Timeline Event History <3.2 - XSS
CVSS 6.5
CVE-2025-31593 MEDIUM
OpenMenu < 3.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31592 MEDIUM
Paolo Melchiorre Send E-mail <1.3 - XSS
CVSS 6.5
CVE-2025-31591 MEDIUM
Exit Popup Free <= 1.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-31590 MEDIUM
Denra.com WP Date and Time Shortcode <2.6.7 - XSS
CVSS 6.5
CVE-2025-31589 MEDIUM
Kibru Demeke Ethiopian Calendar - XSS
CVSS 6.5
CVE-2025-31587 MEDIUM
Elfsight Testimonials Slider <1.0.1 - XSS
CVSS 5.9
Details
Vulnerabilities 45,217
Exploit Likelihood High