CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,239 vulnerabilities with CWE-79
CVE-2025-2366 LOW
gougucms 4.08.18 - Cross-Site Scripting via Add Department Page Title Parameter
CVSS 2.4
CVE-2025-2364 LOW
lenve VBlog <= 1.0.0 - Stored Cross-Site Scripting via Article Service
CVSS 3.5
CVE-2025-2361 MEDIUM
Mercurial SCM 4.5.3/71.19.145.211 - XSS
CVSS 4.3
CVE-2025-2354 MEDIUM
VAM Virtual Airlines Manager <2.6.2 - XSS
CVSS 4.3
CVE-2025-2352 LOW
StarSea99 starsea-mall - Cross-Site Scripting via categoryName Parameter
CVSS 2.4
CVE-2025-2340 LOW
otale Tale Blog 2.0.5 - Stored Cross-Site Scripting in Site Settings via Site Title
CVSS 2.4
CVE-2025-1624 LOW
GDPR Cookie Compliance < 4.15.9 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 3.5
CVE-2025-1623 LOW
GDPR Cookie Compliance < 4.15.9 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 3.5
CVE-2025-1622 LOW
GDPR Cookie Compliance < 4.15.7 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 3.5
CVE-2025-1621 MEDIUM
GDPR Cookie Compliance < 4.15.7 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2025-1620 MEDIUM
GDPR Cookie Compliance < 4.15.7 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2025-1619 MEDIUM
GDPR Cookie Compliance < 4.15.7 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2025-2335 LOW
Drivin Soluções up to 20250226 - XSS
CVSS 3.5
CVE-2025-26972 HIGH
NotFound PrivateContent <8.11.5 - XSS
CVSS 7.1
CVE-2025-26895 MEDIUM
maennchen1.de m1.DownloadList - XSS
CVSS 6.5
CVE-2025-26556 HIGH
WP AntiDDOS <= 2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26555 HIGH
Debug-Bar-Extender <= 0.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26554 HIGH
NotFound WP Discord Post <2.1.0 - XSS
CVSS 7.1
CVE-2025-26553 HIGH
Spring Devs Pre Order Addon - WooCommerce - Advance Order/Backorder...
CVSS 7.1
CVE-2025-26548 HIGH
NotFound Random Image Selector <2.4 - XSS
CVSS 7.1
CVE-2025-23744 HIGH
Random Posts, Mp3 Player + ShareButton <= 1.4.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-2325 HIGH
WP Test Email <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs
CVSS 7.2
CVE-2025-1773 MEDIUM
Traveler Theme <3.1.8 - XSS
CVSS 6.1
CVE-2025-2164 MEDIUM
pixelstats < 0.8.2 - Unauthenticated Reflected Cross-Site Scripting via post_id and sortby Parameters
CVSS 6.1
CVE-2025-2163 MEDIUM
Zoorum Comments < 0.9 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 6.1
Details
Vulnerabilities 45,239
Exploit Likelihood High