CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,231)

page 51 of 962

CVE	Sev	Risk	CVSS	Published	Description
CVE-2025-53223	Hig	0.46	7.1	Aug 28, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in undoIT Theme Switcher Reloaded theme-switcher-reloaded allows Reflected XSS.This issue affects Theme Switcher Reloaded: from n/a through <= 1.1.
CVE-2025-53220	Hig	0.46	7.1	Aug 28, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XmasB XmasB Quotes xmasb-quotes allows Reflected XSS.This issue affects XmasB Quotes: from n/a through <= 1.6.1.
CVE-2025-53215	Hig	0.46	7.1	Aug 28, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8bitkid Yahoo! WebPlayer yahoo-media-player allows Reflected XSS.This issue affects Yahoo! WebPlayer: from n/a through <= 2.0.6.
CVE-2025-54670	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik oik allows Reflected XSS.This issue affects oik: from n/a through <= 4.15.2.
CVE-2025-54056	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist lbg-audio2-html5 allows Reflected XSS.This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through <= 3.5.8.
CVE-2025-54055	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Druco druco allows Reflected XSS.This issue affects Druco: from n/a through <= 1.5.2.
CVE-2025-54044	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _CreativeMedia_ Elite Video Player elite-video-player allows Reflected XSS.This issue affects Elite Video Player: from n/a through <= 10.0.5.
CVE-2025-54032	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Real Estate Manager Pro real-estate-manager-pro allows Reflected XSS.This issue affects Real Estate Manager Pro: from n/a through <= 12.7.3.
CVE-2025-54027	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Schiocco Support Board supportboard allows Reflected XSS.This issue affects Support Board: from n/a through <= 3.8.0.
CVE-2025-53564	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon lbg_radio_player_addon_visual_composer allows Reflected XSS.This issue affects HTML5 Radio Player - WPBakery Page Builder Addon: from n/a through <= 2.5.
CVE-2025-53563	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Youtube Vimeo Video Player and Slider video_player_youtube_vimeo allows Reflected XSS.This issue affects Youtube Vimeo Video Player and Slider: from n/a through <= 3.8.
CVE-2025-53562	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player - Addon for WPBakery Page Builder lbg_universal_video_player_addon_visual_composer allows Reflected XSS.This issue affects Universal Video Player - Addon for WPBakery Page Builder: from n/a through <= 3.2.1.
CVE-2025-53559	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player - Addon for WPBakery Page Builder lbg-universal-video-player-addon-visual-composer allows Reflected XSS.This issue affects Universal Video Player - Addon for WPBakery Page Builder: from n/a through <= 3.2.1.
CVE-2025-53319	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raptive Raptive Ads adthrive-ads allows Reflected XSS.This issue affects Raptive Ads: from n/a through <= 3.8.0.
CVE-2025-53226	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalzoomstudio Comments Capcha Box comments-capcha-box allows Reflected XSS.This issue affects Comments Capcha Box: from n/a through <= 1.1.
CVE-2025-53212	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Revolution Video Player With Bottom Playlist revolution-video-player allows Reflected XSS.This issue affects Revolution Video Player With Bottom Playlist: from n/a through <= 2.9.2.
CVE-2025-53205	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Radio Player Shoutcast & Icecast lbg-audio4-html5-shoutcast allows Reflected XSS.This issue affects Radio Player Shoutcast & Icecast: from n/a through <= 4.4.7.
CVE-2025-53201	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through <= 4.7.8.
CVE-2025-49893	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Nuss nuss allows Reflected XSS.This issue affects Nuss: from n/a through <= 1.3.3.
CVE-2025-49424	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Support Ticket support-ticket allows Reflected XSS.This issue affects Support Ticket: from n/a through <= 1.9.

CVE-2025-53223HigAug 28, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in undoIT Theme Switcher Reloaded theme-switcher-reloaded allows Reflected XSS.This issue affects Theme Switcher Reloaded: from n/a through <= 1.1.
CVE-2025-53220HigAug 28, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XmasB XmasB Quotes xmasb-quotes allows Reflected XSS.This issue affects XmasB Quotes: from n/a through <= 1.6.1.
CVE-2025-53215HigAug 28, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8bitkid Yahoo! WebPlayer yahoo-media-player allows Reflected XSS.This issue affects Yahoo! WebPlayer: from n/a through <= 2.0.6.
CVE-2025-54670HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik oik allows Reflected XSS.This issue affects oik: from n/a through <= 4.15.2.
CVE-2025-54056HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist lbg-audio2-html5 allows Reflected XSS.This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through <= 3.5.8.
CVE-2025-54055HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Druco druco allows Reflected XSS.This issue affects Druco: from n/a through <= 1.5.2.
CVE-2025-54044HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _CreativeMedia_ Elite Video Player elite-video-player allows Reflected XSS.This issue affects Elite Video Player: from n/a through <= 10.0.5.
CVE-2025-54032HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Real Estate Manager Pro real-estate-manager-pro allows Reflected XSS.This issue affects Real Estate Manager Pro: from n/a through <= 12.7.3.
CVE-2025-54027HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Schiocco Support Board supportboard allows Reflected XSS.This issue affects Support Board: from n/a through <= 3.8.0.
CVE-2025-53564HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon lbg_radio_player_addon_visual_composer allows Reflected XSS.This issue affects HTML5 Radio Player - WPBakery Page Builder Addon: from n/a through <= 2.5.
CVE-2025-53563HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Youtube Vimeo Video Player and Slider video_player_youtube_vimeo allows Reflected XSS.This issue affects Youtube Vimeo Video Player and Slider: from n/a through <= 3.8.
CVE-2025-53562HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player - Addon for WPBakery Page Builder lbg_universal_video_player_addon_visual_composer allows Reflected XSS.This issue affects Universal Video Player - Addon for WPBakery Page Builder: from n/a through <= 3.2.1.
CVE-2025-53559HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player - Addon for WPBakery Page Builder lbg-universal-video-player-addon-visual-composer allows Reflected XSS.This issue affects Universal Video Player - Addon for WPBakery Page Builder: from n/a through <= 3.2.1.
CVE-2025-53319HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raptive Raptive Ads adthrive-ads allows Reflected XSS.This issue affects Raptive Ads: from n/a through <= 3.8.0.
CVE-2025-53226HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalzoomstudio Comments Capcha Box comments-capcha-box allows Reflected XSS.This issue affects Comments Capcha Box: from n/a through <= 1.1.
CVE-2025-53212HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Revolution Video Player With Bottom Playlist revolution-video-player allows Reflected XSS.This issue affects Revolution Video Player With Bottom Playlist: from n/a through <= 2.9.2.
CVE-2025-53205HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Radio Player Shoutcast & Icecast lbg-audio4-html5-shoutcast allows Reflected XSS.This issue affects Radio Player Shoutcast & Icecast: from n/a through <= 4.4.7.
CVE-2025-53201HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through <= 4.7.8.
CVE-2025-49893HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Nuss nuss allows Reflected XSS.This issue affects Nuss: from n/a through <= 1.3.3.
CVE-2025-49424HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Support Ticket support-ticket allows Reflected XSS.This issue affects Support Ticket: from n/a through <= 1.9.