CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2025-23868 MEDIUM
Chess Tempo Viewer <= 0.9.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23865 MEDIUM
Winning Portfolio <= 1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23864 MEDIUM
WP Code Snippets WCS QR Code Generator <1.0 - XSS
CVSS 6.5
CVE-2025-23863 MEDIUM
Rollover Tab <= 1.3.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23860 MEDIUM
Charity-thermometer <= 1.1.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23859 MEDIUM
Daily Proverb <= 2.0.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23856 MEDIUM
Alessandro Staniscia Simple Vertical Timeline - XSS
CVSS 6.5
CVE-2025-23854 MEDIUM
YesStreaming.com Shoutcast/Icecast <3.3 - XSS
CVSS 5.9
CVE-2025-23841 MEDIUM
Top Flash Embed <= 0.3.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23833 MEDIUM
RaminMT Links/Problem Reporter <2.6.0 - XSS
CVSS 6.5
CVE-2025-23831 MEDIUM
Rene Hermenau QR Code Generator <1.2.6 - XSS
CVSS 6.5
CVE-2025-23830 MEDIUM
Jobair JB Horizontal Scroller News Ticker - XSS
CVSS 6.5
CVE-2025-23828 HIGH
OriginalTips.com WordPress Data Guard - XSS
CVSS 7.1
CVE-2025-23827 HIGH
Strx Magic Floating Sidebar Maker <1.4.1 - XSS
CVSS 7.1
CVE-2025-23826 HIGH
Stop Comment Spam <= 0.5.3 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-23825 MEDIUM
Alex Thorpe Easy Shortcode Buttons <1.2 - XSS
CVSS 6.5
CVE-2025-23824 MEDIUM
FontAwesome.io ShortCodes <1.0 - XSS
CVSS 6.5
CVE-2025-23816 MEDIUM
Metaphor Widgets <= 2.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23807 MEDIUM
Jimmy Hu Spiderpowa Embed PDF - XSS
CVSS 6.5
CVE-2025-23802 MEDIUM
WP-Revive Adserver <= 2.2.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23796 MEDIUM
Tushar Patel Easy Portfolio <1.3 - XSS
CVSS 6.5
CVE-2025-23795 MEDIUM
Gold Plugins Easy FAQs <3.2.1 - XSS
CVSS 6.5
CVE-2025-23794 MEDIUM
wp_amaps <= 1.7 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23791 MEDIUM
RocaPress Horizontal Line Shortcode <1.0 - XSS
CVSS 6.5
CVE-2025-23777 MEDIUM
Willows Consulting Ltd. GDPR Personal Data Reports <1.0.5 - XSS
CVSS 6.5
Details
Vulnerabilities 45,293
Exploit Likelihood High