CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,239 vulnerabilities with CWE-79
CVE-2025-1452 LOW
Favorites WordPress Plugin < 2.3.5 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 3.5
CVE-2025-0845 MEDIUM
WordPress DesignThemes Core Features <4.8 - XSS
CVSS 6.4
CVE-2025-0717 LOW
Social Slider Feed <2.2.9 - Admin+ Stored XSS
CVSS 3.5
CVE-2025-2715 LOW
timschofield webERP <5.0.0.rc+13 - XSS
CVSS 3.5
CVE-2025-2714 MEDIUM
JoomlaUX JUX Real Estate 3.4.0 - Cross-Site Scripting via Plan ID Parameter
CVSS 4.3
CVE-2025-2712 MEDIUM
Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
CVSS 4.3
CVE-2025-2711 MEDIUM
Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
CVSS 4.3
CVE-2025-2710 MEDIUM
Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
CVSS 4.3
CVE-2025-2709 MEDIUM
Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
CVSS 4.3
CVE-2025-2748 MEDIUM
Kentico Xperience CMS - Unauthenticated Stored XSS
CVSS 6.1
CVE-2025-30623 MEDIUM
wA11y - The Web Accessibility Toolbox <= 1.0.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30610 MEDIUM
WP Social Widget <= 2.2.7 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-30606 MEDIUM
Logan Carlile Easy Page Transition <1.0.1 - XSS
CVSS 5.9
CVE-2025-30602 HIGH
Related Posts via Categories <= 2.1.2 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-30600 MEDIUM
WP Hotjar <= 0.0.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30599 MEDIUM
WP Parallax Content Slider <0.9.8 - XSS
CVSS 5.9
CVE-2025-30597 MEDIUM
IG Shortcodes <= 3.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-30595 MEDIUM
tstafford include-file <= 1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-30593 MEDIUM
samsk Include URL <= 0.3.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-30575 MEDIUM
Arefly Login Redirect <= 1.0.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30574 MEDIUM
Jenst Mobile Navigation <= 1.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30573 MEDIUM
mrdenny My Default Post Content <0.7.3 - XSS
CVSS 5.9
CVE-2025-30566 MEDIUM
Aryan Themes Clink <= 1.2.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-30553 MEDIUM
Z.com byGMO GMO Font Agent <1.6 - XSS
CVSS 6.5
CVE-2025-30551 MEDIUM
Pretty file links <= 0.9 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,239
Exploit Likelihood High