CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,231)

page 54 of 962

CVE	Sev	Risk	CVSS	Published	Description
CVE-2025-48345	Hig	0.46	7.1	Jul 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arisoft Contact Form 7 Editor Button cf7-editor-button allows Reflected XSS.This issue affects Contact Form 7 Editor Button: from n/a through <= 1.0.0.
CVE-2025-48291	Hig	0.46	7.1	Jul 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through <= 26.0.6.
CVE-2025-47652	Hig	0.46	7.1	Jul 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Reflected XSS.This issue affects Infility Global: from n/a through <= 2.13.4.
CVE-2025-47554	Hig	0.46	7.1	Jul 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress css3_web_pricing_tables_grids allows Reflected XSS.This issue affects CSS3 Compare Pricing Tables for WordPress: from n/a through <= 11.6.
CVE-2025-46500	Hig	0.46	7.1	Jul 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Wordpress Auto Spinner wp-auto-spinner allows Reflected XSS.This issue affects Wordpress Auto Spinner: from n/a through <= 3.26.0.
CVE-2025-31427	Hig	0.46	7.1	Jul 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Invico - WordPress Consulting Business Theme invico allows Reflected XSS.This issue affects Invico - WordPress Consulting Business Theme: from n/a through <= 1.9.
CVE-2025-31072	Hig	0.46	7.1	Jul 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Ofiz - WordPress Business Consulting Theme ofiz allows Reflected XSS.This issue affects Ofiz - WordPress Business Consulting Theme: from n/a through <= 2.0.
CVE-2025-31055	Hig	0.46	7.1	Jul 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vergatheme Electrician - Electrical Service WordPress electrician allows Reflected XSS.This issue affects Electrician - Electrical Service WordPress: from n/a through <= 1.0.
CVE-2025-30955	Hig	0.46	7.1	Jul 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes ListingEasy listingeasy allows Reflected XSS.This issue affects ListingEasy: from n/a through <= 1.9.2.
CVE-2024-43334	Hig	0.46	7.1	Jul 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gavias Zilom zilom allows Reflected XSS.This issue affects Zilom: from n/a through < 1.4.5.
CVE-2025-52798	Hig	0.46	7.1	Jul 4, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through < 3.0.6.
CVE-2025-52796	Hig	0.46	7.1	Jul 4, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tggfref WP-Recall allows Reflected XSS. This issue affects WP-Recall: from n/a through 16.26.14.
CVE-2025-52776	Hig	0.46	7.1	Jul 4, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thanhtungtnt Video List Manager video-list-manager allows Stored XSS.This issue affects Video List Manager: from n/a through <= 1.7.
CVE-2025-49866	Hig	0.46	7.1	Jul 4, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikel Beautiful Cookie Consent Banner beautiful-and-responsive-cookie-consent allows Reflected XSS.This issue affects Beautiful Cookie Consent Banner: from n/a through <= 4.6.1.
CVE-2025-49274	Hig	0.46	7.1	Jul 4, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awordpresslife Neom Blog neom-blog allows Reflected XSS.This issue affects Neom Blog: from n/a through <= 0.0.9.
CVE-2025-49247	Hig	0.46	7.1	Jul 4, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmoreira Team Showcase team-showcase-cm allows DOM-Based XSS.This issue affects Team Showcase: from n/a through < 25.05.13.
CVE-2025-49245	Hig	0.46	7.1	Jul 4, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmoreira Testimonials Showcase testimonials-showcase allows Reflected XSS.This issue affects Testimonials Showcase: from n/a through <= 1.9.16.
CVE-2025-39487	Hig	0.46	7.1	Jul 4, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Rankie valvepress-rankie allows Reflected XSS.This issue affects Rankie: from n/a through <= 1.8.2.
CVE-2025-32311	Hig	0.46	7.1	Jul 4, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Pressroom pressroom allows Reflected XSS.This issue affects Pressroom: from n/a through <= 7.0.
CVE-2025-31037	Hig	0.46	7.1	Jul 4, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Homey homey allows Reflected XSS.This issue affects Homey: from n/a through <= 2.4.5.

CVE-2025-48345HigJul 16, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arisoft Contact Form 7 Editor Button cf7-editor-button allows Reflected XSS.This issue affects Contact Form 7 Editor Button: from n/a through <= 1.0.0.
CVE-2025-48291HigJul 16, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through <= 26.0.6.
CVE-2025-47652HigJul 16, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Reflected XSS.This issue affects Infility Global: from n/a through <= 2.13.4.
CVE-2025-47554HigJul 16, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress css3_web_pricing_tables_grids allows Reflected XSS.This issue affects CSS3 Compare Pricing Tables for WordPress: from n/a through <= 11.6.
CVE-2025-46500HigJul 16, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Wordpress Auto Spinner wp-auto-spinner allows Reflected XSS.This issue affects Wordpress Auto Spinner: from n/a through <= 3.26.0.
CVE-2025-31427HigJul 16, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Invico - WordPress Consulting Business Theme invico allows Reflected XSS.This issue affects Invico - WordPress Consulting Business Theme: from n/a through <= 1.9.
CVE-2025-31072HigJul 16, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Ofiz - WordPress Business Consulting Theme ofiz allows Reflected XSS.This issue affects Ofiz - WordPress Business Consulting Theme: from n/a through <= 2.0.
CVE-2025-31055HigJul 16, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vergatheme Electrician - Electrical Service WordPress electrician allows Reflected XSS.This issue affects Electrician - Electrical Service WordPress: from n/a through <= 1.0.
CVE-2025-30955HigJul 16, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes ListingEasy listingeasy allows Reflected XSS.This issue affects ListingEasy: from n/a through <= 1.9.2.
CVE-2024-43334HigJul 7, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gavias Zilom zilom allows Reflected XSS.This issue affects Zilom: from n/a through < 1.4.5.
CVE-2025-52798HigJul 4, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through < 3.0.6.
CVE-2025-52796HigJul 4, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tggfref WP-Recall allows Reflected XSS. This issue affects WP-Recall: from n/a through 16.26.14.
CVE-2025-52776HigJul 4, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thanhtungtnt Video List Manager video-list-manager allows Stored XSS.This issue affects Video List Manager: from n/a through <= 1.7.
CVE-2025-49866HigJul 4, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikel Beautiful Cookie Consent Banner beautiful-and-responsive-cookie-consent allows Reflected XSS.This issue affects Beautiful Cookie Consent Banner: from n/a through <= 4.6.1.
CVE-2025-49274HigJul 4, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awordpresslife Neom Blog neom-blog allows Reflected XSS.This issue affects Neom Blog: from n/a through <= 0.0.9.
CVE-2025-49247HigJul 4, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmoreira Team Showcase team-showcase-cm allows DOM-Based XSS.This issue affects Team Showcase: from n/a through < 25.05.13.
CVE-2025-49245HigJul 4, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmoreira Testimonials Showcase testimonials-showcase allows Reflected XSS.This issue affects Testimonials Showcase: from n/a through <= 1.9.16.
CVE-2025-39487HigJul 4, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Rankie valvepress-rankie allows Reflected XSS.This issue affects Rankie: from n/a through <= 1.8.2.
CVE-2025-32311HigJul 4, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Pressroom pressroom allows Reflected XSS.This issue affects Pressroom: from n/a through <= 7.0.
CVE-2025-31037HigJul 4, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Homey homey allows Reflected XSS.This issue affects Homey: from n/a through <= 2.4.5.