CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,227 vulnerabilities with CWE-79
CVE-2025-27793 MEDIUM
Vega <5.32.0/5.17.0 - Code Injection
CVE-2025-26738 MEDIUM
Graham Quick Interest Slider <4.1.3 - XSS
CVSS 6.5
CVE-2025-26737 MEDIUM
yudleethemes City Store <1.4.5 - XSS
CVSS 6.5
CVE-2025-26736 MEDIUM
MorningTime Lite <= 1.3.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26734 MEDIUM
peregrinethemes Hester <2.1.10 - XSS
CVSS 6.5
CVE-2025-26732 MEDIUM
StoreBiz <= 1.0.32 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-26731 MEDIUM
Repute Infosystems ARPrice <4.1.3 - XSS
CVSS 6.5
CVE-2025-26619 MEDIUM
vega and vega-functions - Cross-Site Scripting via Unsupported JavaScript Function Calls
CVSS 6.1
CVE-2025-22816 MEDIUM
Power Mag <= 1.1.5 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-2255 HIGH
GitLab 13.5.0-17.8.5, 17.9.0-17.9.2, 17.10.0 - Cross-Site Scripting in AppSec Error Messages
CVSS 8.7
CVE-2025-0811 HIGH
GitLab 17.7-17.8.5, 17.9-17.9.2, 17.10 - Cross-Site Scripting via File Rendering
CVSS 8.7
CVE-2025-31140 MEDIUM
JetBrains TeamCity < 2025.03 - Stored Cross-Site Scripting on Cloud Profiles Page
CVSS 4.6
CVE-2025-30925 MEDIUM
The Pack Elementor addons <= 2.1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-30922 MEDIUM
Simplebooklet PDF Viewer & Embedder <1.1.1 - XSS
CVSS 6.5
CVE-2025-30920 MEDIUM
teastudio.pl WP Posts Carousel <1.3.7 - XSS
CVSS 6.5
CVE-2025-30918 MEDIUM
codemacher Structured Content <1.6.3 - XSS
CVSS 6.5
CVE-2025-30907 MEDIUM
SecuPress Free <= 2.2.5.3 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-30904 MEDIUM
Ays Pro Chartify < 3.1.7 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30903 MEDIUM
Alex Mills SyntaxHighlighter Evolved <3.7.1 - XSS
CVSS 6.5
CVE-2025-30900 MEDIUM
Zoho Billing - Embed Payment Form < 4.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-30899 MEDIUM
User Registration < 4.0.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30898 MEDIUM
Mahdi Yousefi's WooCommerce Plugin - XSS
CVSS 6.5
CVE-2025-30893 MEDIUM
LeadConnector <= 3.0.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-30873 MEDIUM
Greenshift <= 11.0.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-30867 MEDIUM
SearchIQ < 4.7 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,227
Exploit Likelihood High