CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,287 vulnerabilities with CWE-79
CVE-2025-23754 HIGH
The Loops <= 1.0.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23752 HIGH
NotFound CGD Arrange Terms <1.1.3 - XSS
CVSS 7.1
CVE-2025-23669 MEDIUM
Nurul Amin, Mohammad Saiful Islam WP Smart Tooltip <1.0.0 - XSS
CVSS 6.5
CVE-2025-23574 HIGH
CubePM <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23531 HIGH
RSVPMaker Volunteer Roles <1.5.1 - XSS
CVSS 7.1
CVE-2025-23792 HIGH
Passwordless WP - Login with your glance or fingerprint <= 1.1.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23457 HIGH
Shipdeo <= 1.2.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22513 HIGH
NotFound Simple Locator <2.0.4 - XSS
CVSS 7.1
CVE-2025-0721 MEDIUM
needyamin image_gallery 1.0 - Cross-Site Scripting via Username Parameter in view.php
CVSS 4.3
CVE-2025-0350 MEDIUM
Divi Carousel Maker < 2.1.0 - Authenticated Stored XSS via Image and Logo Attributes
CVSS 6.4
CVE-2025-0710 LOW
CampCodes School Management Software 1.0 - XSS
CVSS 3.5
CVE-2025-0709 LOW
Dcat-Admin 2.2.1-beta - Cross-Site Scripting in Roles Page
CVSS 2.4
CVE-2025-0708 LOW
fumiao opencms 2.2 - Cross-Site Scripting via Add Model Management Page Template Prefix
CVSS 3.5
CVE-2025-0706 LOW
JoeyBling bootplus <247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d - XSS
CVSS 2.4
CVE-2025-24755 MEDIUM
add-ons.org PDF Invoices for WooCommerce + Drag and Drop Template B...
CVSS 6.5
CVE-2025-24746 MEDIUM
Popup Maker <= 1.20.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-24732 MEDIUM
BookingPress <= 1.1.25 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-24731 MEDIUM
IP2Location Country Blocker <= 2.38.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-24730 MEDIUM
RexTheme WP VR <= 8.5.14 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-24729 MEDIUM
ElementInvader Addons for Elementor <= 1.3.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-24727 MEDIUM
Contact Form Email <= 1.3.52 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-24726 MEDIUM
HT Contact Form 7 <= 1.2.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-24723 MEDIUM
CodePeople Booking Calendar Contact Form <1.2.55 - XSS
CVSS 5.9
CVE-2025-24722 MEDIUM
F.A.Q Builder Team FAQ Builder AYS - XSS
CVSS 5.9
CVE-2025-24721 MEDIUM
Easy YouTube Gallery <= 1.0.4 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,287
Exploit Likelihood High