CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,246 vulnerabilities with CWE-79
CVE-2025-26553 HIGH
Spring Devs Pre Order Addon - WooCommerce - Advance Order/Backorder...
CVSS 7.1
CVE-2025-26548 HIGH
NotFound Random Image Selector <2.4 - XSS
CVSS 7.1
CVE-2025-23744 HIGH
Random Posts, Mp3 Player + ShareButton <= 1.4.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-2325 HIGH
WP Test Email <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs
CVSS 7.2
CVE-2025-1773 MEDIUM
Traveler Theme <3.1.8 - XSS
CVSS 6.1
CVE-2025-2164 MEDIUM
pixelstats < 0.8.2 - Unauthenticated Reflected Cross-Site Scripting via post_id and sortby Parameters
CVSS 6.1
CVE-2025-2163 MEDIUM
Zoorum Comments < 0.9 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 6.1
CVE-2025-29782 MEDIUM
WeGIA < 3.2.17 - Stored Cross-Site Scripting via tipo Parameter in adicionar_tipo_docs_atendido.php
CVSS 5.4
CVE-2025-29771 MEDIUM
HtmlSanitizer < 2.0.3 - Cross-Site Scripting via ContentEditable InnerHTML Injection
CVE-2025-1888 MEDIUM
Aperio Eslide Manager >=12.3.2.5030 <12.3.2.5030 - Authenticated Reflected Cross-Site Scripting via Memo Field
CVSS 4.6
CVE-2025-26626 MEDIUM
glpi-inventory-plugin < 1.5.0 - Reflected Cross-Site Scripting
CVSS 6.5
CVE-2025-1526 MEDIUM
DethemeKit for Elementor <= 2.1.9 - Authenticated Stored Cross-Site Scripting via De Product Display Widget
CVSS 6.4
CVE-2025-2166 MEDIUM
CM FAQ < 1.2.5 - Unauthenticated Reflected Cross-Site Scripting via remove_query_arg
CVSS 6.1
CVE-2025-28010 MEDIUM
MODX < 3.1.0 - Authenticated Stored Cross-Site Scripting via SVG Profile Image Upload
CVSS 5.4
CVE-2025-25625 MEDIUM
FS S3150-8T2F Firmware 220d_118101 & Web v2.2.2 - Authenticated Stored XSS via User Name
CVSS 5.4
CVE-2025-1487 HIGH
WoWPth < 2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-1486 HIGH
WoWPth < 2.0 - Reflected Cross-Site Scripting via Unsanitized Parameter
CVSS 7.1
CVE-2025-1401 HIGH
WP Click Info < 2.7.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-1561 HIGH
AppPresser - Mobile App Framework <= 4.4.10 - Unauthenticated Stored Cross-Site Scripting via Title Parameter
CVSS 7.2
CVE-2025-1503 MEDIUM
WP Recipe Maker <= 9.8.0 - Authenticated Stored Cross-Site Scripting via Roundup Recipe Name Field
CVSS 6.4
CVE-2025-1559 MEDIUM
CC-IMG-Shortcode <= 1.1.0 - Authenticated Stored Cross-Site Scripting via 'img' Shortcode
CVSS 6.4
CVE-2025-27867 MEDIUM
Apache Felix HTTP Webconsole Plugin 1.X-1.2.0 - Cross-Site Scripting
CVSS 5.6
CVE-2025-27915 MEDIUM KEV
Zimbra - Cross-Site Scripting via ICS Files
CVSS 5.4
CVE-2025-27914 MEDIUM
Zimbra Collaboration 9.0-10.1 - Authenticated Reflected Cross-Site Scripting via /h/rest Endpoint
CVSS 5.4
CVE-2025-1527 MEDIUM
ShopLentor < 3.1.0 - Authenticated Stored DOM-Based Cross-Site Scripting via Flash Sale Countdown Module
CVSS 6.4
Details
Vulnerabilities 45,246
Exploit Likelihood High