CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,246 vulnerabilities with CWE-79
CVE-2025-2205 MEDIUM
GDPR Cookie Compliance < 4.15.6 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-2078 MEDIUM
BlogBuzzTime for WP <= 1.1 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-2077 MEDIUM
Simple Amazon Affiliate <= 1.0.9 - Unauthenticated Reflected Cross-Site Scripting via 'msg' Parameter
CVSS 6.1
CVE-2025-2076 MEDIUM
binlayerpress < 1.1 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-2214 LOW
Microweber 2.0.19 - Cross-Site Scripting via Settings Handler Group Argument
CVSS 3.5
CVE-2025-2213 LOW
Castlenet CBW383G2N < 2025-03-01 - Cross-Site Scripting via SSID Parameter in Wireless Menu
CVSS 2.4
CVE-2025-2212 LOW
Castlenet CBW383G2N < 2025-03-01 - Cross-Site Scripting via /RgSwInfo.asp Description Parameter
CVSS 2.4
CVE-2025-2211 LOW
aitangbao springboot-manager 3.0 - Cross-Site Scripting via /sysDictDetail/add Name Parameter
CVSS 2.4
CVE-2025-2210 LOW
aitangbao springboot-manager 3.0 - Cross-Site Scripting via /sysJob/add Name Parameter
CVSS 2.4
CVE-2025-2209 LOW
aitangbao springboot-manager 3.0 - Cross-Site Scripting via /sysDict/add Name Parameter
CVSS 2.4
CVE-2025-2208 LOW
aitangbao springboot-manager 3.0 - Cross-Site Scripting via Filename Handler
CVSS 2.4
CVE-2025-28943 MEDIUM
mylo2h2s DP ALTerminator <1.0.2 - XSS
CVSS 5.9
CVE-2025-28937 MEDIUM
Lavacode Lava Ajax Search <1.1.9 - XSS
CVSS 5.9
CVE-2025-28936 MEDIUM
Lunar <= 1.3.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-28930 MEDIUM
List Mixcloud <= 1.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-28929 MEDIUM
Vivek Marakana Tabbed Login Widget <1.1.2 - XSS
CVSS 6.5
CVE-2025-28926 MEDIUM
Post Read Time <= 1.2.6 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-28919 MEDIUM
Shellbot Easy Image Display <1.2.5 - XSS
CVSS 6.5
CVE-2025-28918 MEDIUM
A. Jones Featured Image Thumbnail Grid <6.6.1 - XSS
CVSS 6.5
CVE-2025-28914 MEDIUM
wordpress login form to anywhere <= 0.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-28908 MEDIUM
pipdig pipDisqus <= 1.6 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-28907 MEDIUM
WP Last Modified <= 0.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-28906 MEDIUM
Skitter Slideshow <= 2.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-28905 HIGH
Chaser324 Featured Posts Grid <1.7 - XSS
CVSS 7.1
CVE-2025-28895 HIGH
sumanbiswas013 Custom top bar <2.0.2 - XSS
CVSS 7.1
Details
Vulnerabilities 45,246
Exploit Likelihood High