CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,287 vulnerabilities with CWE-79
CVE-2025-24632 HIGH
AlgolPlus Advanced Dynamic Pricing <4.9.0 - XSS
CVSS 7.1
CVE-2025-24609 HIGH
PORTONE <= 3.2.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24608 HIGH
GD Mail Queue <= 4.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24563 HIGH
ThemeGlow Cleanup - Classifieds WP <1.0.4 - XSS
CVSS 7.1
CVE-2025-24560 HIGH
Awesome Event Booking <= 2.7.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24551 HIGH
OneTeamSoftware Radio Buttons & Swatches - WooCommerce <1.1.20 - XSS
CVSS 7.1
CVE-2025-24535 HIGH
SKT Donation <= 1.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24534 HIGH
Emili Castells DPortfolio <2.0 - XSS
CVSS 7.1
CVE-2025-23987 MEDIUM
Designer <= 1.6.4 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-23759 HIGH
LeduChuy89VN Affiliate Tools <0.3.17 - XSS
CVSS 7.1
CVE-2025-23671 HIGH
WP OpenSearch <= 1.0 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-23596 HIGH
Notifikcie.sk <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22757 MEDIUM
CodeBard Help Desk <= 1.1.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22564 HIGH
Pretty Url <= 1.5.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22341 HIGH
Hide Login+ <= 3.5.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22332 HIGH
CloudFlare(R) Cache Purge <= 1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-0809 HIGH
Link Fixer <= 3.4 - Unauthenticated Stored Cross-Site Scripting via Broken Links
CVSS 7.2
CVE-2025-0507 MEDIUM
Ticketmeo - Sell Tickets - Event Ticketing <2.3.6 - XSS
CVSS 6.4
CVE-2025-0470 MEDIUM
Forminator Forms - WordPress <1.38.2 - XSS
CVSS 6.1
CVE-2025-24885 HIGH
pwncollege/dojo - Stored Cross-Site Scripting via Custom Page Rendering
CVSS 7.6
CVE-2025-22221 MEDIUM
VMware Aria Operation for Logs - XSS
CVSS 5.2
CVE-2025-22219 MEDIUM
VMware Aria Operations for Logs - XSS
CVSS 6.8
CVE-2025-0871 LOW
Maybecms 1.2 - Cross-Site Scripting via data_info[content] Parameter
CVSS 3.5
CVE-2025-0869 MEDIUM
Cianet ONU GW24AC <= 20250127 - Cross-Site Scripting via Login browserLang Parameter
CVSS 4.3
CVE-2025-0747 HIGH
EmbedAI < 2.1 - Authenticated Stored Cross-Site Scripting in Chat Message
CVSS 8.6
Details
Vulnerabilities 45,287
Exploit Likelihood High