CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,231)

page 52 of 962

CVE	Sev	Risk	CVSS	Published	Description
CVE-2025-49420	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Reflected XSS.This issue affects Ultra Portfolio: from n/a through <= 6.7.
CVE-2025-49413	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Store Finder superstorefinder-wp allows Reflected XSS.This issue affects Super Store Finder: from n/a through <= 7.6.
CVE-2025-49411	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Sharma iFrame Block allows Stored XSS. This issue affects iFrame Block: from n/a through 0.1.1.
CVE-2025-48297	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Reflected XSS.This issue affects Simple Link Directory: from n/a through < 14.8.1.
CVE-2025-48296	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup UpStore upstore allows Reflected XSS.This issue affects UpStore: from n/a through <= 1.7.0.
CVE-2025-48170	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player - Addon for WPBakery Page Builder lbg-universal-video-player-addon-visual-composer allows Reflected XSS.This issue affects Universal Video Player - Addon for WPBakery Page Builder: from n/a through <= 3.2.1.
CVE-2025-48168	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Apollo - Sticky Full Width HTML5 Audio Player lbg-audio5-html5-shoutcast-sticky allows Reflected XSS.This issue affects Apollo - Sticky Full Width HTML5 Audio Player: from n/a through <= 3.4.
CVE-2025-48163	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support lbg-audio8-html5-radio-ads allows Reflected XSS.This issue affects SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support: from n/a through <= 3.5.4.
CVE-2025-48162	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Reflected XSS.This issue affects Simple Business Directory Pro: from n/a through <= 15.5.1.
CVE-2025-48159	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Youtube Vimeo Video Player and Slider WP Plugin video-player-youtube-vimeo allows Reflected XSS.This issue affects Youtube Vimeo Video Player and Slider WP Plugin: from n/a through <= 3.8.
CVE-2025-48154	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder lbg_vp_youtube_vimeo_addon_visual_composer allows Reflected XSS.This issue affects Multimedia Playlist Slider Addon for WPBakery Page Builder: from n/a through <= 2.1.
CVE-2025-48152	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dimafreund Rentsyst rentsyst allows Reflected XSS.This issue affects Rentsyst: from n/a through <= 2.0.100.
CVE-2025-48151	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Map Locations cm-map-locations allows Reflected XSS.This issue affects CM Map Locations: from n/a through <= 2.1.6.
CVE-2025-28977	Hig	0.46	7.1	Aug 20, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Pipes allows Reflected XSS. This issue affects WP Pipes: from n/a through 1.4.3.
CVE-2025-53575	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Reflected XSS.This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.5.
CVE-2025-52788	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson CaptionPix captionpix allows Reflected XSS.This issue affects CaptionPix: from n/a through <= 1.8.
CVE-2025-49065	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestiaDurmiente Visit Counter visit-counter allows Stored XSS.This issue affects Visit Counter: from n/a through <= 1.0.
CVE-2025-49064	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilop User Language Switch user-language-switch allows Reflected XSS.This issue affects User Language Switch: from n/a through <= 1.6.10.
CVE-2025-49063	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌号) i3geek-baiduxzh allows Reflected XSS.This issue affects BaiduXZH Submit(百度熊掌号): from n/a through <= 1.4.6.
CVE-2025-49062	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornfeed WP-jScrollPane wp-jscrollpane allows Reflected XSS.This issue affects WP-jScrollPane: from n/a through <= 2.0.3.

CVE-2025-49420HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Reflected XSS.This issue affects Ultra Portfolio: from n/a through <= 6.7.
CVE-2025-49413HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Store Finder superstorefinder-wp allows Reflected XSS.This issue affects Super Store Finder: from n/a through <= 7.6.
CVE-2025-49411HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Sharma iFrame Block allows Stored XSS. This issue affects iFrame Block: from n/a through 0.1.1.
CVE-2025-48297HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Reflected XSS.This issue affects Simple Link Directory: from n/a through < 14.8.1.
CVE-2025-48296HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup UpStore upstore allows Reflected XSS.This issue affects UpStore: from n/a through <= 1.7.0.
CVE-2025-48170HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player - Addon for WPBakery Page Builder lbg-universal-video-player-addon-visual-composer allows Reflected XSS.This issue affects Universal Video Player - Addon for WPBakery Page Builder: from n/a through <= 3.2.1.
CVE-2025-48168HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Apollo - Sticky Full Width HTML5 Audio Player lbg-audio5-html5-shoutcast-sticky allows Reflected XSS.This issue affects Apollo - Sticky Full Width HTML5 Audio Player: from n/a through <= 3.4.
CVE-2025-48163HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support lbg-audio8-html5-radio-ads allows Reflected XSS.This issue affects SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support: from n/a through <= 3.5.4.
CVE-2025-48162HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Reflected XSS.This issue affects Simple Business Directory Pro: from n/a through <= 15.5.1.
CVE-2025-48159HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Youtube Vimeo Video Player and Slider WP Plugin video-player-youtube-vimeo allows Reflected XSS.This issue affects Youtube Vimeo Video Player and Slider WP Plugin: from n/a through <= 3.8.
CVE-2025-48154HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder lbg_vp_youtube_vimeo_addon_visual_composer allows Reflected XSS.This issue affects Multimedia Playlist Slider Addon for WPBakery Page Builder: from n/a through <= 2.1.
CVE-2025-48152HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dimafreund Rentsyst rentsyst allows Reflected XSS.This issue affects Rentsyst: from n/a through <= 2.0.100.
CVE-2025-48151HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Map Locations cm-map-locations allows Reflected XSS.This issue affects CM Map Locations: from n/a through <= 2.1.6.
CVE-2025-28977HigAug 20, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Pipes allows Reflected XSS. This issue affects WP Pipes: from n/a through 1.4.3.
CVE-2025-53575HigAug 14, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Reflected XSS.This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.5.
CVE-2025-52788HigAug 14, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson CaptionPix captionpix allows Reflected XSS.This issue affects CaptionPix: from n/a through <= 1.8.
CVE-2025-49065HigAug 14, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestiaDurmiente Visit Counter visit-counter allows Stored XSS.This issue affects Visit Counter: from n/a through <= 1.0.
CVE-2025-49064HigAug 14, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilop User Language Switch user-language-switch allows Reflected XSS.This issue affects User Language Switch: from n/a through <= 1.6.10.
CVE-2025-49063HigAug 14, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌号) i3geek-baiduxzh allows Reflected XSS.This issue affects BaiduXZH Submit(百度熊掌号): from n/a through <= 1.4.6.
CVE-2025-49062HigAug 14, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornfeed WP-jScrollPane wp-jscrollpane allows Reflected XSS.This issue affects WP-jScrollPane: from n/a through <= 2.0.3.