CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2025-22747 MEDIUM
Tor Morten Jensen Foundation Columns <0.9 - XSS
CVSS 6.5
CVE-2025-22746 MEDIUM
HireHive Job Plugin <= 2.9.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22745 MEDIUM
Navigation Du Lapin Blanc <1.1.1 - XSS
CVSS 6.5
CVE-2025-22744 MEDIUM
Rob von Bothmer/SeoDev S-DEV SEO - XSS
CVSS 6.5
CVE-2025-22743 MEDIUM
Twitter Bootstrap Collapse <1.0 - XSS
CVSS 6.5
CVE-2025-22742 MEDIUM
WP ViewSTL <= 1.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-22738 MEDIUM
WP ULike <= 4.7.6 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-22734 MEDIUM
Posts Footer Manager <= 2.1.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-22724 MEDIUM
MojofyWP Product Carousel For WooCommerce - WoorouSell - XSS
CVSS 6.5
CVE-2025-22587 MEDIUM
NCiphers SEO Bulk Editor <1.1.0 - XSS
CVSS 6.5
CVE-2025-22329 MEDIUM
Free Google Maps <= 1.0.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22317 HIGH
Photo Gallery - Image Gallery by Ape <= 2.2.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-0448 MEDIUM
Google Chrome < 132.0.6834.83 - UI Spoofing via Compositing
CVSS 4.3
CVE-2025-0447 HIGH
Google Chrome <132.0.6834.83 - Privilege Escalation
CVSS 8.8
CVE-2025-0443 HIGH
Google Chrome <132.0.6834.83 - Privilege Escalation
CVSS 8.8
CVE-2025-0193 MEDIUM
MGate 5121/5122/5123 Series v1.0 - XSS
CVE-2025-0354 MEDIUM
NEC Aterm WG2600HS/WG2600HP4/WG2600HM4/WG2600HS2/WX3000HP/WX4200D5 - Cross-Site Scripting
CVSS 4.8
CVE-2025-22997 MEDIUM
Linksys E5600 Router 1.1.0.26 - Stored Cross-Site Scripting in prf_table_content via desc Parameter
CVSS 4.8
CVE-2025-22996 MEDIUM
Linksys E5600 Router 1.1.0.26 - Stored Cross-Site Scripting in spf_table_content via desc Parameter
CVSS 4.8
CVE-2025-23072 MEDIUM
Mediawiki - RefreshSpecial Extension <1.39.11-1.42.2 - XSS
CVSS 5.4
CVE-2025-23366 MEDIUM
HAL Management Console < 3.7.7 - Authenticated Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-21393 MEDIUM
Microsoft SharePoint Server - Spoofing
CVSS 6.3
CVE-2025-23081 MEDIUM
MediaWiki DataTransfer Extension 1.39.0-1.39.10, 1.41.0-1.41.2, 1.42.0-1.42.1 - CSRF and XSS
CVSS 6.1
CVE-2025-23080 MEDIUM
Mediawiki OpenBadges Ext <1.39.11-1.42.2 - XSS
CVSS 5.3
CVE-2025-0464 LOW
SourceCodester Task Reminder System 1.0 - XSS
CVSS 2.4
Details
Vulnerabilities 45,293
Exploit Likelihood High