CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,217 vulnerabilities with CWE-79
CVE-2025-31437 MEDIUM
WP-OGP <= 1.0.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-31434 MEDIUM
FormLift for Infusionsoft Web Forms <7.5.19 - XSS
CVSS 6.5
CVE-2025-31433 MEDIUM
Magic Embeds <= 3.1.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-2870 MEDIUM
Clinic Queuing System 1.0 - Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2025-2869 MEDIUM
clinic_queuing_system 1.0 - Reflected Cross-Site Scripting via id Parameter in manage_user.php
CVSS 6.1
CVE-2025-2868 MEDIUM
Clinic Queuing System 1.0 - Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2025-31102 HIGH
Bob Hostel <= 1.1.5.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31096 MEDIUM
WPXPO PostX <= 4.1.25 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-31094 MEDIUM
teastudio.pl WP Posts Carousel <1.3.8 - XSS
CVSS 6.5
CVE-2025-31093 MEDIUM
redpixelstudios RPS Include Content <1.2.1 - XSS
CVSS 6.5
CVE-2025-31090 MEDIUM
alordiel Dropdown Multisite selector - XSS
CVSS 6.5
CVE-2025-31088 MEDIUM
Cozmoslabs Paid Member Subscriptions <2.14.3 - XSS
CVSS 6.5
CVE-2025-31083 MEDIUM
ZEEN101 Leaky Paywall <4.21.7 - XSS
CVSS 6.5
CVE-2025-31077 MEDIUM
Ultimate Blocks <= 3.2.7 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-31073 MEDIUM
Unlimited <= 1.45 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-27574 LOW
KDDI HGW-BL1500HM <= 002.002.003 - Cross-Site Scripting in USB Storage File-Sharing Function
CVSS 3.6
CVE-2025-27567 MEDIUM
HGW-BL1500HM <= 002.002.003 - Cross-Site Scripting in NickName Registration Screen
CVSS 5.4
CVE-2025-1705 MEDIUM
tagDiv Composer <= 5.3 - Unauthenticated Stored Cross-Site Scripting via CSRF in td_ajax_get_views
CVSS 6.1
CVE-2025-2804 MEDIUM
tagDiv Composer <= 5.3 - Unauthenticated Reflected Cross-Site Scripting via account_id and account_username Parameters
CVSS 6.1
CVE-2025-31092 MEDIUM
Ninja Team Click to Chat - WP Support All-in-One Floating Widget <2...
CVSS 6.5
CVE-2025-31101 MEDIUM
VaultRE Contact Form 7 <= 1.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-31031 MEDIUM
Astoundify Job Colors for WP Job Manager <1.0.5 - XSS
CVSS 5.9
CVE-2025-2878 LOW
Kentico CMS < 13.0.178 - Cross-Site Scripting via New Database Parameter in Install Wizard
CVSS 2.4
CVE-2025-26874 HIGH
MemberSpace <= 2.1.13 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30366 MEDIUM
WeGIA < 3.2.8 - Stored Cross-Site Scripting
CVSS 5.4
Details
Vulnerabilities 45,217
Exploit Likelihood High