CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2025-23992 MEDIUM
Leetoo Toocheke Companion <1.166 - XSS
CVSS 5.9
CVE-2025-23809 HIGH
Blue Wrench Video Widget <2.1.0 - XSS
CVSS 7.1
CVE-2025-24027 MEDIUM
PrestaShop ps_contactinfo <= 3.3.2 - Stored Cross-Site Scripting via Formatted Address Rendering
CVSS 6.2
CVE-2025-23966 HIGH
AlaFalaki a Gateway for Pasargad Bank on WooCommerce <2.5.2 - XSS
CVSS 7.1
CVE-2025-23959 HIGH
Good Old Gallery <= 2.1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23882 HIGH
WP Download Codes <= 2.5.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23874 HIGH
WP Block Pack <= 1.1.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23867 HIGH
WordPress File Search <= 1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23866 HIGH
EU DSGVO Helper <= 1.0.6.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23846 HIGH
Kolja Nolte Flexible Blogtitle <0.1 - XSS
CVSS 7.1
CVE-2025-23812 HIGH
Contact Form 7 Round Robin Lead Distribution <1.2.1 - XSS
CVSS 7.1
CVE-2025-23811 HIGH
WP2APP <= 2.6.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23798 HIGH
Mass Messaging in BuddyPress <= 2.2.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23770 HIGH
Fast Tube <= 2.3.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23769 HIGH
Content Mirror <= 1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23768 HIGH
InFunding <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23758 HIGH
Pootle button <= 1.2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23746 HIGH
CMC MIGRATE <= 0.0.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23732 HIGH
NotFound Easy Filtering <2.5.0 - XSS
CVSS 7.1
CVE-2025-23709 HIGH
Formatted post <= 1.01 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23706 HIGH
Jet Skinner for BuddyPress <1.2.5 - XSS
CVSS 7.1
CVE-2025-23701 HIGH
Lime Developer Login <= 1.4.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23700 HIGH
Yonatan Reinberg yCyclista <1.2.3 - XSS
CVSS 7.1
CVE-2025-23697 HIGH
Podlnkov inzerce <= 2.4.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23696 HIGH
Staging CDN <= 1.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities 45,293
Exploit Likelihood High