CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2025-24585 MEDIUM
N.O.U.S. Open Useful and Simple Event post <5.9.7 - XSS
CVSS 6.5
CVE-2025-24579 MEDIUM
Kyle Phillips Nested Pages <3.2.9 - XSS
CVSS 5.9
CVE-2025-24578 MEDIUM
ElementInvader Addons for Elementor <= 1.3.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-24575 MEDIUM
HelloAsso <= 1.1.11 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-24573 MEDIUM
PageLayer <= 1.9.4 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-24570 HIGH
Atarim <= 4.0.8 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-24547 MEDIUM
Matthias Wagner - FALKEmedia Caching Compatible Cookie Opt-In and J...
CVSS 6.5
CVE-2025-24542 MEDIUM
Icegram <= 3.1.31 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23889 HIGH
FooGallery Captions <= 1.0.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23888 HIGH
NotFound Custom Page Extensions <0.6 - XSS
CVSS 7.1
CVE-2025-23885 HIGH
MJ Contact us <= 5.2.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23839 HIGH
Sticky Button <= 1.0 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-23838 HIGH
Bauernregeln <= 1.0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23837 HIGH
NotFound One Backend Language <1.0 - XSS
CVSS 7.1
CVE-2025-23737 HIGH
Network-Favorites <= 1.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23734 HIGH
Gigaom Sphinx <= 0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23711 HIGH
Quote me <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23622 HIGH
CBX Accounting & Bookkeeping <1.3.14 - XSS
CVSS 7.1
CVE-2025-23621 HIGH
NotFound Causes - Donation Plugin <1.0.01 - XSS
CVSS 7.1
CVE-2025-23522 HIGH
HM Portfolio <= 1.1.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23427 HIGH
Redux Converter <= 1.1.3.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22714 HIGH
MDJM Event Management <1.7.5.5 - XSS
CVSS 7.1
CVE-2025-0314 HIGH
GitLab 17.2-17.6.3, 17.7-17.7.2, 17.8 - Cross-Site Scripting via File Rendering
CVSS 8.7
CVE-2025-23227 MEDIUM
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0-7.3.0.11 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2025-23960 HIGH
Save & Import Image from URL <= 0.7 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities 45,293
Exploit Likelihood High