CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,227 vulnerabilities with CWE-79
CVE-2025-27574 LOW
KDDI HGW-BL1500HM <= 002.002.003 - Cross-Site Scripting in USB Storage File-Sharing Function
CVSS 3.6
CVE-2025-27567 MEDIUM
HGW-BL1500HM <= 002.002.003 - Cross-Site Scripting in NickName Registration Screen
CVSS 5.4
CVE-2025-1705 MEDIUM
tagDiv Composer <= 5.3 - Unauthenticated Stored Cross-Site Scripting via CSRF in td_ajax_get_views
CVSS 6.1
CVE-2025-2804 MEDIUM
tagDiv Composer <= 5.3 - Unauthenticated Reflected Cross-Site Scripting via account_id and account_username Parameters
CVSS 6.1
CVE-2025-31092 MEDIUM
Ninja Team Click to Chat - WP Support All-in-One Floating Widget <2...
CVSS 6.5
CVE-2025-31101 MEDIUM
VaultRE Contact Form 7 <= 1.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-31031 MEDIUM
Astoundify Job Colors for WP Job Manager <1.0.5 - XSS
CVSS 5.9
CVE-2025-2878 LOW
Kentico CMS < 13.0.178 - Cross-Site Scripting via New Database Parameter in Install Wizard
CVSS 2.4
CVE-2025-26874 HIGH
MemberSpace <= 2.1.13 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30366 MEDIUM
WeGIA < 3.2.8 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-30363 MEDIUM
WeGIA < 3.2.6 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-30362 MEDIUM
WeGIA < 3.2.8 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-26762 MEDIUM
WooCommerce <= 9.7.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-22640 MEDIUM
Paytm Payment Donation <2.3.3 - XSS
CVSS 5.9
CVE-2025-22638 MEDIUM
Acowebs Product Table For WooCommerce <1.2.3 - XSS
CVSS 6.5
CVE-2025-22628 HIGH
Foliovision Filled In <= 1.9.2 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-22497 MEDIUM
A.H.C. Waasdorp Simple Google Calendar Outlook Events Block Widget ...
CVSS 6.5
CVE-2025-22496 MEDIUM
Notif Bell <= 0.9.8 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-22278 MEDIUM
yudleethemes Whitish Lite <2.1.13 - XSS
CVSS 6.5
CVE-2025-22660 MEDIUM
Wolfgang Include Mastodon Feed <1.9.9 - XSS
CVSS 6.5
CVE-2025-22659 MEDIUM
Orbit Fox by ThemeIsle <= 2.10.44 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22649 MEDIUM
WP Project Manager <= 2.6.22 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-22648 MEDIUM
Plugin Devs Blog, Posts and Category Filter for Elementor <2.0.1 - XSS
CVSS 6.5
CVE-2025-22646 MEDIUM
aThemes Addons for Elementor <= 1.0.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22644 MEDIUM
ThemeHunk Vayu Blocks < 1.4.3 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,227
Exploit Likelihood High