CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,217 vulnerabilities with CWE-79
CVE-2025-31586 MEDIUM
GhozyLab Gallery - Photo Albums Plugin <1.3.170 - XSS
CVSS 6.5
CVE-2025-31574 MEDIUM
SoftHopper Custom Content Scrollbar <1.3 - XSS
CVSS 6.5
CVE-2025-31567 MEDIUM
Themesflat Addons For Elementor <2.2.5 - XSS
CVSS 6.5
CVE-2025-31562 MEDIUM
Aphotrax Uptime Robot Plugin <2.3 - XSS
CVSS 6.5
CVE-2025-31559 MEDIUM
Caspio Bridge Custom Database <2.1 - XSS
CVSS 6.5
CVE-2025-31557 MEDIUM
MiKa OSM - OpenStreetMap <6.1.6 - XSS
CVSS 6.5
CVE-2025-31556 MEDIUM
IDX Broker IMPress for IDX Broker <= 3.2.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31549 MEDIUM
Agency Dominion Inc. Fusion <= 1.6.4 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-31543 MEDIUM
Twice Commerce <= 1.3.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-31538 MEDIUM
Checklist < 1.1.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31535 MEDIUM
Simple Owl Carousel <= 1.1.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-31532 MEDIUM
AtomChat <= 1.1.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31419 MEDIUM
Themeix Churel <= 1.0.8 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-30963 MEDIUM
Crocoblock JetSmartFilters <3.6.3 - XSS
CVSS 6.5
CVE-2025-23995 HIGH
Tantyyellow <= 1.0.0.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30961 MEDIUM
Trackserver <= 5.1.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-2072 MEDIUM
FAST LTA Silent Brick WebUI 2.45-2.63.04 - Reflected Cross-Site Scripting via h/hd/p/pi/s/t/x/y Parameters
CVE-2025-3019 HIGH
KNIME Business Hub < 1.12.4 - Cross-Site Scripting via nuxt-security Module
CVSS 7.2
CVE-2025-2981 LOW
Legrand SMS PowerView 1.x - Cross-Site Scripting via Redirect Parameter
CVSS 3.5
CVE-2025-31414 MEDIUM
Stylemix Cost Calculator Builder <3.2.65 - XSS
CVSS 6.5
CVE-2025-31412 MEDIUM
JetProductGallery <= 2.1.22 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-31043 MEDIUM
JetSearch <= 3.5.7 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-30987 MEDIUM
JetBlocks For Elementor <1.3.16 - XSS
CVSS 6.5
CVE-2025-2979 LOW
WCMS 11 - Stored Cross-Site Scripting via Username Parameter in Registration
CVSS 2.4
CVE-2025-0613 MEDIUM
The Photo Gallery by 10Web <1.8.34 - XSS
CVSS 6.1
Details
Vulnerabilities 45,217
Exploit Likelihood High