CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2025-22320 HIGH
ProductDyno <= 1.0.24 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22316 MEDIUM
WPBITS Addons For Elementor Page Builder <1.5.1 - XSS
CVSS 5.9
CVE-2025-22315 MEDIUM
WPDeveloper Typing Text <1.2.7 - XSS
CVSS 6.5
CVE-2025-22312 MEDIUM
ThimPress Thim Elementor Kit <1.2.8 - XSS
CVSS 6.5
CVE-2025-22310 MEDIUM
TemplatesNext ToolKit <= 3.2.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22309 MEDIUM
SpeakOut! Email Petitions <4.4.2 - XSS
CVSS 6.5
CVE-2025-22308 MEDIUM
inc2734 Smart Custom Fields <5.0.0 - XSS
CVSS 6.5
CVE-2025-22293 MEDIUM
Gutentor <= 3.4.3 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-22261 MEDIUM
Pixelite WP FullCalendar <1.5 - XSS
CVSS 6.5
CVE-2025-21616 MEDIUM
Plane < 0.23.0 - Authenticated Stored Cross-Site Scripting via SVG Profile Image Upload
CVSS 5.4
CVE-2025-21612 HIGH
TabberNeue 1.9.1-2.7.1 - Cross-Site Scripting in TabberTransclude.php
CVSS 8.6
CVE-2025-0228 LOW
Code-projects Local Storage Todo App 1.0 - XSS
CVSS 2.4
CVE-2025-0220 LOW
Trimble SPS851 488.01 - Cross-Site Scripting via Hostname Argument
CVSS 2.4
CVE-2025-0219 LOW
Trimble SPS851 488.01 - Cross-Site Scripting via System Name Argument
CVSS 2.4
CVE-2025-22388 MEDIUM
Optimizely CMS < 12.22.0 - Stored Cross-Site Scripting in Content Editing and Link Management
CVSS 5.7
CVE-2025-22383 MEDIUM
Optimizely Configured Commerce < 5.2.2408 - Cross-Site Scripting in Contact Us Functionality
CVSS 4.6
CVE-2025-21610 MEDIUM
Trix < 2.1.12 - Cross-Site Scripting via Malicious Link Field Paste
CVSS 5.3
CVE-2025-0175 LOW
code-projects Online Shop 1.0 - XSS
CVSS 3.5
CVE-2024-49269 HIGH
WordPress my flatonica theme <= 0.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2024-30476 MEDIUM
Dell PowerStore - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 5.4
CVE-2024-47097 MEDIUM
Reflected Cross-Site Scripting in Follet School Solutions Destiny
CVE-2024-47096 MEDIUM
Reflected Cross-Site Scripting in Follet School Solutions Destiny
CVE-2024-33724 MEDIUM
SOPlanning 1.52.00 - Cross-Site Scripting via groupe_id Parameter
CVSS 5.4
CVE-2024-13362 MEDIUM
Freemius SDK <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting
CVSS 6.1
CVE-2024-58344 MEDIUM
Carbon Forum 5.9.0 Persistent XSS via Forum Name Field
CVSS 6.4
Details
Vulnerabilities 45,293
Exploit Likelihood High