CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,239 vulnerabilities with CWE-79
CVE-2025-23546 HIGH
NotFound RDP inGroups+ <1.0.6 - XSS
CVSS 7.1
CVE-2025-23543 HIGH
FOMO Pay Chinese Payment Solution <= 2.0.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23542 HIGH
RDP Linkedin Login <= 1.7.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23466 HIGH
wpsiteeditor Site Editor Google Map <1.0.1 - XSS
CVSS 7.1
CVE-2025-23460 HIGH
NotFound RWS Enquiry And Lead Follow-up - XSS
CVSS 7.1
CVE-2025-23459 HIGH
NotFound NS Simple Intro Loader <2.2.3 - XSS
CVSS 7.1
CVE-2025-22283 HIGH
GetSocial <= 2.0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-1312 MEDIUM
The Ultimate Blocks - WordPress Blocks Plugin <3.2.7 - XSS
CVSS 6.4
CVE-2025-1703 MEDIUM
WordPress Ultimate Blocks <3.2.7 - XSS
CVSS 6.4
CVE-2025-1439 MEDIUM
Advanced iFrame < 2024.5 - Authenticated Stored Cross-Site Scripting via Shortcode src Attribute
CVSS 6.4
CVE-2025-1437 MEDIUM
Advanced iFrame < 2025.3 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-2167 MEDIUM
WordPress Event post plugin <5.9.9 - XSS
CVSS 5.4
CVE-2025-2009 HIGH
WordPress Newsletters <4.9.9.7 - XSS
CVSS 7.2
CVE-2025-1784 MEDIUM
Spectra - WordPress Gutenberg Blocks <2.19.0 - XSS
CVSS 6.4
CVE-2025-2576 MEDIUM
WordPress kick-start kit plugin <1.0.3 - XSS
CVSS 6.4
CVE-2025-2573 MEDIUM
WPBakery Page Builder Addons < 2.0.0 - Authenticated Stored XSS via SVG Upload
CVSS 6.4
CVE-2025-2165 MEDIUM
SH Email Alert <= 1.0 - Reflected Cross-Site Scripting via 'mid' Parameter
CVSS 6.1
CVE-2025-1490 MEDIUM
Smart Maintenance Mode <= 1.5.2 - Unauthenticated Reflected Cross-Site Scripting via setstatus Parameter
CVSS 6.1
CVE-2025-2302 MEDIUM
Advanced Woo Search <= 3.28 - Authenticated Stored Cross-Site Scripting via aws_search_terms Shortcode
CVSS 6.4
CVE-2025-30219 MEDIUM
RabbitMQ < 4.0.3 - Stored Cross-Site Scripting via Virtual Host Name
CVSS 6.1
CVE-2025-26742 MEDIUM
GhozyLab Gallery for Social Photo <= 1.0.0.35 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-27633 MEDIUM
Hitachi Energy TRMTracker 6.2-6.2.03, 6.3 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-2635 MEDIUM
Digital License Manager <= 1.7.3 - Unauthenticated Reflected Cross-Site Scripting via remove_query_arg()
CVSS 6.1
CVE-2025-2542 MEDIUM
Your Simple SVG Support <1.0.1 - XSS
CVSS 6.4
CVE-2025-2510 MEDIUM
Frndzk Expandable Bottom Bar <1.0 - XSS
CVSS 5.5
Details
Vulnerabilities 45,239
Exploit Likelihood High