CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,287 vulnerabilities with CWE-79
CVE-2025-25098 MEDIUM
Zack Katz Links in Captions <1.2 - XSS
CVSS 6.5
CVE-2025-25097 MEDIUM
kwiliarty External Video For Everybody <2.1.1 - XSS
CVSS 6.5
CVE-2025-25096 MEDIUM
RSS in Page <= 2.9.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-25095 MEDIUM
ReverbNation Widgets <= 2.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-25094 MEDIUM
Amitythemes.com Breaking News Ticker <2.4.4 - XSS
CVSS 6.5
CVE-2025-25091 MEDIUM
zackdesign NextGen Cooliris Gallery <0.8 - XSS
CVSS 6.5
CVE-2025-25085 MEDIUM
matt_mcbrien WP SimpleWeather <0.2.5 - XSS
CVSS 6.5
CVE-2025-25082 MEDIUM
Max Chirkov FlexIDX Home Search <2.1.2 - XSS
CVSS 6.5
CVE-2025-25080 MEDIUM
gubbigubbi Kona Gallery Block <1.7 - XSS
CVSS 6.5
CVE-2025-25079 MEDIUM
Garrett Grimm Simple Select All Text Box <3.2 - XSS
CVSS 6.5
CVE-2025-25078 MEDIUM
Andrew Norcross Google Earth Embed <= 1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-25077 MEDIUM
dugbug Easy Chart Builder <1.3 - XSS
CVSS 6.5
CVE-2025-25076 MEDIUM
Graceful Email Obfuscation <0.2.2 - XSS
CVSS 6.5
CVE-2025-25073 MEDIUM
Vasilis Triantafyllou Easy WP Tiles - XSS
CVSS 5.9
CVE-2025-22402 LOW
Dell Update Manager Plugin 1.5.0-1.6.0 - Cross-Site Scripting
CVSS 2.6
CVE-2025-1085 MEDIUM
Animati PACS <= 1.24.12.09.03 - Cross-Site Scripting via /login p Parameter
CVSS 4.3
CVE-2025-1082 LOW
Mindskip xzs-mysql 3.9.0 - Stored Cross-Site Scripting in Exam Edit Handler
CVSS 3.5
CVE-2025-24981 CRITICAL
Nuxt MDC <0.13.3 - JavaScript URL Cross-Site Scripting
CVSS 9.3
CVE-2025-1076 MEDIUM
Holded - Stored Cross-Site Scripting via Activities Name and Icon Parameters
CVSS 4.8
CVE-2025-24803 MEDIUM
Mobile Security Framework < 4.3.1 - Stored Cross-Site Scripting via CFBundleIdentifier
CVSS 5.4
CVE-2025-24372 HIGH
CKAN < 2.10.7 and 2.11.0-2.11.2 - Authenticated Stored Cross-Site Scripting via File Upload
CVSS 7.3
CVE-2025-24320 HIGH
BIG-IP 15.1.0-15.1.10.6 - Stored Cross-Site Scripting in Configuration Utility
CVSS 8.0
CVE-2025-20205 MEDIUM
Cisco Identity Services Engine 3.0.0-3.2 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2025-20204 MEDIUM
Cisco Identity Services Engine 3.0.0-3.2 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2025-20180 MEDIUM
Cisco AsyncOS - Authenticated Stored Cross-Site Scripting in Web Management Interface
CVSS 4.8
Details
Vulnerabilities 45,287
Exploit Likelihood High