CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,227 vulnerabilities with CWE-79
CVE-2025-2481 MEDIUM
MediaView <= 1.1.2 - Unauthenticated Reflected Cross-Site Scripting via 'id' Parameter
CVSS 6.1
CVE-2025-29322 MEDIUM
ScriptCase <v1.0.003 - Build 3 - XSS
CVSS 4.6
CVE-2025-27609 MEDIUM
Icinga Web 2 < 2.11.5 and 2.12.13 - Cross-Site Scripting
CVSS 5.4
CVE-2025-27406 HIGH
Icinga Reporting 0.10.0-1.0.2 - Stored Cross-Site Scripting via Template Injection
CVSS 7.6
CVE-2025-27405 HIGH
Icinga Web 2 < 2.11.5 and 2.12.13 - Stored Cross-Site Scripting via Crafted URL
CVSS 7.6
CVE-2025-28935 HIGH
Fancybox Plus <= 1.0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-28934 HIGH
NotFound Simple Post Series <2.4.4 - XSS
CVSS 7.1
CVE-2025-28928 HIGH
Are you robot google recaptcha for wordpress <2.2 - XSS
CVSS 7.1
CVE-2025-28924 HIGH
ZenphotoPress <= 1.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-28921 HIGH
NotFound SpatialMatch IDX <3.0.9 - XSS
CVSS 7.1
CVE-2025-28917 HIGH
NotFound Custom Smilies <2.9.2 - XSS
CVSS 7.1
CVE-2025-28911 HIGH
Gravity 2 PDF <= 3.1.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-28903 HIGH
NotFound Driving Directions <1.4.4 - XSS
CVSS 7.1
CVE-2025-28899 HIGH
NotFound WP Event Ticketing <1.3.4 - XSS
CVSS 7.1
CVE-2025-28890 HIGH
NotFound Lightview Plus <3.1.3 - XSS
CVSS 7.1
CVE-2025-28889 HIGH
Woocommerce Custom Product Stickers <1.9.0 - XSS
CVSS 7.1
CVE-2025-28885 MEDIUM
Fiverr.com Official Search Box <1.0.8 - XSS
CVSS 6.5
CVE-2025-28882 HIGH
Omnify <= 2.0.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-28880 HIGH
Blue Captcha <= 1.7.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-28877 HIGH
Key4ce osTicket Bridge <= 1.4.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-28869 HIGH
NextGEN Gallery Voting <2.7.6 - XSS
CVSS 7.1
CVE-2025-28865 HIGH
Lionelroux WP Colorful Tag Cloud <2.0.1 - XSS
CVSS 7.1
CVE-2025-28858 HIGH
Arrow Maps <= 1.0.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-28855 HIGH
Teleport <= 1.2.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-27404 HIGH
Icinga Web 2 < 2.11.5 and 2.12.13 - Stored Cross-Site Scripting via Crafted URL
CVSS 7.6
Details
Vulnerabilities 45,227
Exploit Likelihood High