CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,287 vulnerabilities with CWE-79
CVE-2025-20179 MEDIUM
Cisco TelePresence Video Communication Server (VCS) Expressway - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-22602 MEDIUM
Discourse - Stored Cross-Site Scripting via Video Placeholder HTML Element
CVSS 6.5
CVE-2025-24967 MEDIUM
reNgine <= 2.2.0 - Stored Cross-Site Scripting in Admin Panel User Management
CVSS 5.4
CVE-2025-24966 MEDIUM
yogeshojha/rengine <= 2.2.0 - HTML Injection in Add Target Functionality
CVSS 5.4
CVE-2025-24602 HIGH
WP24 Domain Check <= 1.10.14 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24599 HIGH
Tribulant Newsletters <4.9.9.6 - XSS
CVSS 7.1
CVE-2025-24598 HIGH
WP Mailster <= 1.8.17.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23645 HIGH
Optimize Worldwide Find Content IDs - XSS
CVSS 7.1
CVE-2025-22794 HIGH
Landoweb Programador World Cup Predictor <1.9.6 - XSS
CVSS 7.1
CVE-2025-22697 MEDIUM
CyberChimps Responsive Blocks <= 1.9.9 - Reflected Cross-Site Scripting
CVSS 6.5
CVE-2025-22675 MEDIUM
Alert Box Block < 1.1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22674 MEDIUM
Get Bowtied Product Blocks for WooCommerce <1.9.1 - XSS
CVSS 6.5
CVE-2025-22664 MEDIUM
Survey Maker <= 5.1.3.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-22662 MEDIUM
SendPulse Email Marketing <2.1.5 - XSS
CVSS 6.5
CVE-2025-22653 MEDIUM
templaza Music Press Pro <1.4.6 - XSS
CVSS 6.5
CVE-2025-22642 MEDIUM
RTO GmbH Dynamic Conditions <1.7.4 - XSS
CVSS 6.5
CVE-2025-22641 MEDIUM
Prem Tiwari FM Notification Bar <1.0.2 - XSS
CVSS 5.9
CVE-2025-1015 MEDIUM
Thunderbird 128.0.1-128.6.9, 128.7-128.*, >=135 - Stored Cross-Site Scripting via Address Book URI Field Import
CVSS 5.4
CVE-2025-0368 MEDIUM
Banner Garden < 0.1.3 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-23210 MEDIUM
PHPOffice PhpSpreadsheet <3.9.0, 2.0.0-2.1.8, 2.2.0-2.3.7, <1.29.9 - XSS via JavaScript Protocol Bypass
CVE-2025-24781 HIGH
WPJobBoard < 5.10.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24707 HIGH
GT3 Photo Gallery < 2.7.7.24 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24684 HIGH
Ederson Peka Media Downloader <0.4.7.5 - XSS
CVSS 7.1
CVE-2025-24676 HIGH
umangmetatagg Custom WP Store Locator <1.4.7 - XSS
CVSS 7.1
CVE-2025-24660 HIGH
wp.insider Simple Membership Custom Messages <2.4 - XSS
CVSS 7.1
Details
Vulnerabilities 45,287
Exploit Likelihood High