CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,256 vulnerabilities with CWE-79
CVE-2025-25460 MEDIUM
FlatPress 1.3.1 - Authenticated Stored Cross-Site Scripting in Add Entry TextArea Field
CVSS 4.8
CVE-2025-27352 HIGH
wumii team - Cross-Site Scripting
CVSS 7.1
CVE-2025-27351 MEDIUM
Local Search SEO Contact Page <= 4.0.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-27349 MEDIUM
nurelm Get Posts <= 0.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-27348 MEDIUM
WP Social SEO Booster - Knowledge Graph Social Signals SEO <= 1.2.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-27347 MEDIUM
techmix Direct Checkout Button for WooCommerce - XSS
CVSS 6.5
CVE-2025-27341 MEDIUM
afzal_du Reactive Mortgage Calculator <1.1 - XSS
CVSS 6.5
CVE-2025-27331 MEDIUM
WooCommerce Display Products by Tags <1.0.0 - XSS
CVSS 6.5
CVE-2025-27330 MEDIUM
PlayerJS <= 2.23 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-27329 MEDIUM
inlinkz EZ InLinkz linkup <0.18 - XSS
CVSS 6.5
CVE-2025-27327 MEDIUM
Winlin Live Streaming Video Player - XSS
CVSS 6.5
CVE-2025-27325 MEDIUM
Bruce Video.js HLS Player <= 1.0.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-27323 MEDIUM
Jon Bishop WP About Author <1.5 - XSS
CVSS 6.5
CVE-2025-27320 MEDIUM
Pankaj Mondal Profile Widget Ninja <4.3 - XSS
CVSS 6.5
CVE-2025-27307 MEDIUM
Quotes llama <= 3.0.1 - Reflected Cross-Site Scripting
CVSS 6.5
CVE-2025-27306 MEDIUM
Pathomation <= 2.5.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-27305 MEDIUM
Achal Jain Table of Contents Block <1.0.2 - XSS
CVSS 6.5
CVE-2025-27304 MEDIUM
Contact Form 7 Star Rating with font Awesome - XSS
CVSS 5.9
CVE-2025-27303 MEDIUM
Contact Form 7 Star Rating <1.10 - XSS
CVSS 5.9
CVE-2025-27280 MEDIUM
Alobaidi Archive Page <= 1.0.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-27266 MEDIUM
Ignacio Perez Hover Image Button <1.1.2 - XSS
CVSS 6.5
CVE-2025-27265 MEDIUM
Google Maps for WordPress <1.0.3 - XSS
CVSS 6.5
CVE-2025-0545 MEDIUM
Tekrom Technology T-Soft E-Commerce <5 - XSS
CVSS 4.7
CVE-2025-1618 MEDIUM
vtiger CRM 6.4.0-6.5.0 - Cross-Site Scripting via _operation Parameter
CVSS 4.3
CVE-2025-1617 LOW
Netis WF2780 2.1.41925 - Cross-Site Scripting via Wireless 2.4G Menu SSID Parameter
CVSS 2.4
Details
Vulnerabilities 45,256
Exploit Likelihood High