CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2025-22276 MEDIUM
Related Post Shortcode <= 1.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-22267 MEDIUM
Weaver Themes Shortcode Compatibility <1.0.4 - XSS
CVSS 6.5
CVE-2025-24018 HIGH
YesWiki <= 4.4.5 - Authenticated Stored Cross-Site Scripting via Attach Component
CVSS 7.6
CVE-2025-24017 HIGH
YesWiki <= 4.4.5 - DOM-Based Cross-Site Scripting via Tag Search Feature
CVSS 7.6
CVE-2025-24012 MEDIUM
Umbraco CMS 14.0.0-14.3.1 - Authenticated Cross-Site Scripting in Localized Backoffice Components
CVSS 4.6
CVE-2025-23998 HIGH
raratheme UltraLight <= 1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23997 MEDIUM
Tamara Checkout < 1.9.9.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22825 MEDIUM
Flexible PDF Coupons < 1.10.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22763 HIGH
Brizy Pro < 2.6.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22735 HIGH
TaxoPress WordPress Tag Cloud Plugin - XSS
CVSS 7.1
CVE-2025-22733 HIGH
WPHocus My auctions allegro <3.6.18 - XSS
CVSS 7.1
CVE-2025-22732 MEDIUM
Admiral Ad Blocking Detector <3.6.0 - XSS
CVSS 6.5
CVE-2025-22727 MEDIUM
PluginOps MailChimp Subscribe Forms <4.1 - XSS
CVSS 6.5
CVE-2025-22719 HIGH
VikAppointments Services Booking Calendar <= 1.2.16 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-22718 MEDIUM
FAT Event Lite <= 1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22711 HIGH
Thomas Maier Image Source Control <2.29.0 - XSS
CVSS 7.1
CVE-2025-22709 HIGH
Verge3D <= 4.8.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22706 HIGH
Social Pug: Author Box <1.0.0 - XSS
CVSS 7.1
CVE-2025-22322 HIGH
Private Messages for UserPro <= 4.10.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22262 MEDIUM
Bonjour Bar <= 1.0.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-0450 MEDIUM
Betheme <= 27.6.1 - Authenticated Stored Cross-Site Scripting via Custom JS Functionality
CVSS 6.4
CVE-2025-0371 MEDIUM
JetElements < 2.7.3 - Authenticated Stored Cross-Site Scripting via Widget Attributes
CVSS 6.4
CVE-2025-22131 MEDIUM
PhpSpreadsheet <1.29.8 and 3.0.0-3.7.9 - Cross-Site Scripting in XLSX to HTML Translation
CVSS 6.1
CVE-2025-0581 LOW
CampCodes School Management Software 1.0 - XSS
CVSS 3.5
CVE-2025-0583 MEDIUM
a+HRD < 7.5 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
Details
Vulnerabilities 45,293
Exploit Likelihood High