CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,239 vulnerabilities with CWE-79
CVE-2025-30545 MEDIUM
issuuPress <= 1.3.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30540 MEDIUM
AvaiBook <= 1.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30539 MEDIUM
BMo Expo <= 1.0.15 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30537 MEDIUM
Cristian Sarov Upload Quota per User <1.3 - XSS
CVSS 5.9
CVE-2025-30536 MEDIUM
zeitwesentech Beautiful Link Preview <1.5.0 - XSS
CVSS 5.9
CVE-2025-30533 MEDIUM
gopiplus Message ticker <= 9.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30532 MEDIUM
Weather Layer <= 4.2.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30530 MEDIUM
AI Preloader <= 1.0.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30527 MEDIUM
codetoolbox My Bootstrap Menu <1.2.1 - XSS
CVSS 5.9
CVE-2025-2700 LOW
dante3 0.4.0-0.4.4 - Cross-Site Scripting in Insert Link Handler
CVSS 3.5
CVE-2025-2699 LOW
GetmeUK ContentTools < 1.6.16 - Cross-Site Scripting via Image Handler onload Argument
CVSS 3.5
CVE-2025-1203 LOW
MetaSlider WordPress plugin <3.95.0 - XSS
CVSS 3.5
CVE-2025-1062 LOW
MetaSlider WordPress plugin <3.95.0 - XSS
CVSS 3.5
CVE-2025-2673 LOW
code-projects Payroll Management System 1.0 - XSS
CVSS 3.5
CVE-2025-2650 LOW
PHPGurukul Medical Card Generation System 1.0 - XSS
CVSS 3.5
CVE-2025-2645 LOW
PHPGurukul Art Gallery Management System 1.0 - XSS
CVSS 3.5
CVE-2025-0718 MEDIUM
Nested Pages WordPress <3.2.13 - XSS
CVSS 4.8
CVE-2025-2623 LOW
westboy CicadasCMS 1.0 - Cross-Site Scripting via Title/Content/Laiyuan Argument
CVSS 3.5
CVE-2025-2617 LOW
crud 1.0.0 - Cross-Site Scripting in Department Page
CVSS 2.4
CVE-2025-26796 MEDIUM
Apache Oozie - Cross-Site Scripting
CVSS 5.4
CVE-2025-2577 MEDIUM
Bitspecter Suite <= 1.0.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2025-2616 LOW
crud 1.0.0 - Cross-Site Scripting in Role Management Page
CVSS 2.4
CVE-2025-2484 MEDIUM
Multi Video Box <= 1.5.2 - Unauthenticated Reflected Cross-Site Scripting via video_id and group_id Parameters
CVSS 6.1
CVE-2025-2482 MEDIUM
Gotcha | Gesture-based Captcha <1.0.0 - XSS
CVSS 6.1
CVE-2025-2479 MEDIUM
Easy Custom Admin Bar <= 1.0 - Unauthenticated Reflected Cross-Site Scripting via 'msg' Parameter
CVSS 6.1
Details
Vulnerabilities 45,239
Exploit Likelihood High