CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,278 vulnerabilities with CWE-79
CVE-2025-1354 MEDIUM
ASUS RT-N10E and RT-N12E - Stored Cross-Site Scripting via SSID Parameter in sysinfo.asp
CVE-2025-1337 LOW
Eastnets PaymentSafe <2.5.26.0 - XSS
CVSS 3.5
CVE-2025-1332 LOW
FastCMS < 0.1.5 - Cross-Site Scripting in Template Menu
CVSS 2.4
CVE-2025-1005 MEDIUM
ElementsKit Elementor addons <3.4.0 - XSS
CVSS 6.4
CVE-2025-25304 MEDIUM
Vega < 5.26.0 and vega-selections < 5.4.2 - Cross-Site Scripting via vlSelectionTuples Function
CVE-2025-25296 MEDIUM
Label Studio < 1.16.0 - Cross-Site Scripting via label_config Query Parameter
CVSS 6.1
CVE-2025-26158 MEDIUM
Kashipara Online Attendance Management System V1.0 - Stored Cross-Site Scripting via Department Parameter
CVSS 5.6
CVE-2025-25990 MEDIUM
hoosk 1.7.1 - Cross-Site Scripting via /install/index.php
CVSS 6.1
CVE-2025-25988 MEDIUM
hoosk 1.8 - Cross-Site Scripting via Custom Link Title Parameter
CVSS 4.8
CVE-2025-1239 MEDIUM
WatchGuard Fireware OS 12.0-12.5.12+701324 12.6-12.11 - Authenticated Stored Cross-Site Scripting via Blocked Sites List
CVE-2025-1071 MEDIUM
WatchGuard Fireware 12.0-12.5.12+701324 12.6-12.11 - Authenticated Stored Cross-Site Scripting in spamBlocker Module
CVSS 4.8
CVE-2025-24700 HIGH
WP Event Aggregator <= 1.8.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24688 HIGH
brandtoss WP Mailster <1.8.20.0 - XSS
CVSS 7.1
CVE-2025-24641 HIGH
rickonline_nl Better WishList API <1.1.3 - XSS
CVSS 7.1
CVE-2025-24617 HIGH
AcyMailing SMTP Newsletter < 9.11.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24616 HIGH
UIUX Lab Uix Page Builder <1.7.3 - XSS
CVSS 7.1
CVE-2025-24615 HIGH
fatcatapps Analytics Cat <1.1.2 - XSS
CVSS 7.1
CVE-2025-24614 HIGH
agileLogix Post Timeline <2.3.9 - XSS
CVSS 7.1
CVE-2025-24592 HIGH
SysBasics Customize My Account for WooCommerce <2.8.22 - XSS
CVSS 7.1
CVE-2025-24566 HIGH
Intro Tour Tutorial DeepPresentation <6.5.2 - XSS
CVSS 7.1
CVE-2025-24565 HIGH
Saleswonder Team Tobias WP2LEADS - XSS
CVSS 7.1
CVE-2025-24564 HIGH
aviplugins.com Contact Form With Shortcode <4.2.5 - XSS
CVSS 7.1
CVE-2025-24558 HIGH
CRM Perks <= 1.1.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24554 HIGH
AWcode Toolkit <= 1.0.14 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23905 HIGH
Johannes van Poelgeest Admin Options <0.9.7 - XSS
CVSS 7.1
Details
Vulnerabilities 45,278
Exploit Likelihood High