CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,287 vulnerabilities with CWE-79
CVE-2025-23591 HIGH
blu Logistics <= 1.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23590 HIGH
Dezdy <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23588 HIGH
WOW Best CSS Compiler <= 2.0.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23582 HIGH
Haider Ali Bulk Categories Assign - XSS
CVSS 7.1
CVE-2025-23581 MEDIUM
Digital Zoom Studio Demo User DZS - XSS
CVSS 6.5
CVE-2025-23561 MEDIUM
MLL Audio Player MP3 Ajax <0.8 - XSS
CVSS 6.5
CVE-2025-23491 HIGH
VSTEMPLATE Creator <= 2.0.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22775 HIGH
idIA Tech Catalog Importer, Scraper & Crawler <5.1.3 - XSS
CVSS 7.1
CVE-2025-22704 HIGH
Abinav Thakuri WordPress Signature - CSRF
CVSS 7.1
CVE-2025-22684 HIGH
Hakan Ozevin WP BASE Booking <5.0.0 - XSS
CVSS 7.1
CVE-2025-22683 MEDIUM
WPDeveloper NotificationX <= 2.9.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22682 HIGH
Hesabfa Accounting <= 2.1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22679 HIGH
PickPlugins Job Board Manager - XSS
CVSS 7.1
CVE-2025-22292 MEDIUM
Powerful Auto Chat <= 1.9.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-25063 MEDIUM
Backdrop CMS 1.28.0-1.28.4 and 1.29.0-1.29.2 - Stored Cross-Site Scripting via SVG Image Upload
CVSS 4.4
CVE-2025-25062 MEDIUM
Backdrop CMS <1.28.5, <1.29.3 - XSS
CVSS 4.4
CVE-2025-0972 LOW
Zenvia Movidesk <= 25.01.22 - Stored Cross-Site Scripting via New Ticket Subject
CVSS 3.5
CVE-2025-0971 LOW
Zenvia Movidesk < 25.01.22 - Cross-Site Scripting via Profile Editing Username Parameter
CVSS 3.5
CVE-2025-0961 LOW
Job Recruitment 1.0 - Cross-Site Scripting via business_stream_name/company_website_url Parameter
CVSS 3.5
CVE-2025-22994 MEDIUM
Zoneland O2oa - XSS
CVSS 6.1
CVE-2025-0930 MEDIUM
TeamCal Neo 3.8.2 - Reflected Cross-Site Scripting via 'abs' Parameter
CVSS 6.1
CVE-2025-24718 HIGH
SWIT WP Sessions Time Monitoring Full Automatic - XSS
CVSS 7.1
CVE-2025-24710 HIGH
Gwolle Guestbook <= 4.7.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24686 HIGH
RegistrationMagic <= 6.0.3.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24635 HIGH
Paytm Payment Donation <2.3.1 - XSS
CVSS 7.1
Details
Vulnerabilities 45,287
Exploit Likelihood High