CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,287 vulnerabilities with CWE-79
CVE-2025-24656 HIGH
Realtyna Provisioning <= 1.2.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24646 HIGH
XML for Avito <= 2.5.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24631 HIGH
PhiloPress BP Email Assign Templates <1.5 - XSS
CVSS 7.1
CVE-2025-24630 HIGH
MantraBrain Sikshya LMS <0.0.21 - XSS
CVSS 7.1
CVE-2025-24629 HIGH
WPGear Import Excel to Gravity Forms <1.18 - XSS
CVSS 7.1
CVE-2025-24620 HIGH
AIO Shortcodes <= 1.3 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-24576 HIGH
Fatcat Apps Landing Page Cat <1.7.7 - XSS
CVSS 7.1
CVE-2025-24574 HIGH
PeproDev WooCommerce Receipt Uploader <2.6.9 - XSS
CVSS 7.1
CVE-2025-24559 HIGH
WP Mailster <= 1.8.15.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24557 HIGH
plainware.com PlainInventory <3.1.5 - XSS
CVSS 7.1
CVE-2025-24545 HIGH
BannerSky.com BSK Forms Validation <1.7 - XSS
CVSS 7.1
CVE-2025-24544 HIGH
Alexandros Georgiou Bitcoin & Altcoin Wallets <6.3.1 - XSS
CVSS 7.1
CVE-2025-24541 HIGH
Emili Castells DK White Label - XSS
CVSS 7.1
CVE-2025-24536 HIGH
ThriveDesk <= 2.0.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23984 HIGH
Brainvireinfo Dynamic URL SEO <1.0 - XSS
CVSS 7.1
CVE-2025-23923 HIGH
Lockets <= 0.999 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23920 HIGH
ApplicantPro <= 1.3.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23799 HIGH
.TUBE Video Curator <= 1.1.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23755 HIGH
PAFacile <= 2.6.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23747 MEDIUM
Awesome Timeline <= 1.0.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23685 HIGH
RomanCart <= 0.0.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23614 HIGH
Nik Sudan WordPress Additional Logins <1.0.0 - XSS
CVSS 7.1
CVE-2025-23599 HIGH
eMarksheet <= 5.4.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23594 HIGH
uzzal mondal Google Map With Fancybox <2.1.0 - XSS
CVSS 7.1
CVE-2025-23593 HIGH
EmailPress <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities 45,287
Exploit Likelihood High