CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,231)

page 57 of 962

CVE	Sev	Risk	CVSS	Published	Description
CVE-2025-47477	Hig	0.46	7.1	Jun 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Reflected XSS.This issue affects Backup and Staging by WP Time Capsule: from n/a through <= 1.22.23.
CVE-2025-39539	Hig	0.46	7.1	Jun 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brewlabs WP Email Delivery wp-email-delivery allows Reflected XSS.This issue affects WP Email Delivery: from n/a through <= 1.20.11.23.
CVE-2025-32305	Hig	0.46	7.1	Jun 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sneeit WordPress FlatNews Theme flatnews allows Reflected XSS.This issue affects WordPress FlatNews Theme: from n/a through <= 5.8.
CVE-2025-31925	Hig	0.46	7.1	Jun 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup SHOUT lbg-audio8-html5-radio_ads allows Reflected XSS.This issue affects SHOUT: from n/a through <= 3.5.3.
CVE-2025-31917	Hig	0.46	7.1	Jun 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player universal_video_player allows Reflected XSS.This issue affects Universal Video Player: from n/a through <= 3.8.3.
CVE-2025-31638	Hig	0.46	7.1	Jun 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Spare allows Reflected XSS. This issue affects Spare: from n/a through 1.7.
CVE-2025-31426	Hig	0.46	7.1	Jun 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Sticky Radio Player lbg-audio5-html5-shoutcast_sticky allows Reflected XSS.This issue affects Sticky Radio Player: from n/a through <= 3.4.
CVE-2025-31061	Hig	0.46	7.1	Jun 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Wishlist wishlist allows Reflected XSS.This issue affects Wishlist: from n/a through <= 2.1.0.
CVE-2025-31058	Hig	0.46	7.1	Jun 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Revolution Video Player revolution_video_player allows Reflected XSS.This issue affects Revolution Video Player: from n/a through <= 2.9.2.
CVE-2025-31057	Hig	0.46	7.1	Jun 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player elementor_widget_universal_video_player allows Reflected XSS.This issue affects Universal Video Player: from n/a through <= 1.4.0.
CVE-2025-48329	Hig	0.46	7.1	Jun 6, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daman Jeet Real Time Validation for Gravity Forms real-time-validation-for-gravity-forms allows Reflected XSS.This issue affects Real Time Validation for Gravity Forms: from n/a through <= 1.7.0.
CVE-2025-48286	Hig	0.46	7.1	May 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catkin ReDi Restaurant Reservation redi-restaurant-reservation allows Reflected XSS.This issue affects ReDi Restaurant Reservation: from n/a through <= 24.1209.
CVE-2025-48245	Hig	0.46	7.1	May 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Reflected XSS.This issue affects Quick Contact Form: from n/a through <= 8.2.1.
CVE-2025-48241	Hig	0.46	7.1	May 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D verge3d allows Reflected XSS.This issue affects Verge3D: from n/a through <= 4.9.3.
CVE-2025-47680	Hig	0.46	7.1	May 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-tidy-tags xili-tidy-tags allows Reflected XSS.This issue affects xili-tidy-tags: from n/a through <= 1.12.06.
CVE-2025-47678	Hig	0.46	7.1	May 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit funnelcockpit allows Reflected XSS.This issue affects FunnelCockpit: from n/a through <= 1.4.3.
CVE-2025-47673	Hig	0.46	7.1	May 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Reflected XSS.This issue affects Arconix Shortcodes: from n/a through <= 2.1.16.
CVE-2025-47618	Hig	0.46	7.1	May 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mortgage Calculator BMI Adult & Kid Calculator bmi-adultkid-calculator allows Reflected XSS.This issue affects BMI Adult & Kid Calculator: from n/a through <= 1.2.2.
CVE-2025-47613	Hig	0.46	7.1	May 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a through 92.0.0.
CVE-2025-47611	Hig	0.46	7.1	May 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Khaled User Meta user-meta allows Reflected XSS.This issue affects User Meta: from n/a through <= 3.1.2.

CVE-2025-47477HigJun 9, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Reflected XSS.This issue affects Backup and Staging by WP Time Capsule: from n/a through <= 1.22.23.
CVE-2025-39539HigJun 9, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brewlabs WP Email Delivery wp-email-delivery allows Reflected XSS.This issue affects WP Email Delivery: from n/a through <= 1.20.11.23.
CVE-2025-32305HigJun 9, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sneeit WordPress FlatNews Theme flatnews allows Reflected XSS.This issue affects WordPress FlatNews Theme: from n/a through <= 5.8.
CVE-2025-31925HigJun 9, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup SHOUT lbg-audio8-html5-radio_ads allows Reflected XSS.This issue affects SHOUT: from n/a through <= 3.5.3.
CVE-2025-31917HigJun 9, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player universal_video_player allows Reflected XSS.This issue affects Universal Video Player: from n/a through <= 3.8.3.
CVE-2025-31638HigJun 9, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Spare allows Reflected XSS. This issue affects Spare: from n/a through 1.7.
CVE-2025-31426HigJun 9, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Sticky Radio Player lbg-audio5-html5-shoutcast_sticky allows Reflected XSS.This issue affects Sticky Radio Player: from n/a through <= 3.4.
CVE-2025-31061HigJun 9, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Wishlist wishlist allows Reflected XSS.This issue affects Wishlist: from n/a through <= 2.1.0.
CVE-2025-31058HigJun 9, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Revolution Video Player revolution_video_player allows Reflected XSS.This issue affects Revolution Video Player: from n/a through <= 2.9.2.
CVE-2025-31057HigJun 9, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player elementor_widget_universal_video_player allows Reflected XSS.This issue affects Universal Video Player: from n/a through <= 1.4.0.
CVE-2025-48329HigJun 6, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daman Jeet Real Time Validation for Gravity Forms real-time-validation-for-gravity-forms allows Reflected XSS.This issue affects Real Time Validation for Gravity Forms: from n/a through <= 1.7.0.
CVE-2025-48286HigMay 23, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catkin ReDi Restaurant Reservation redi-restaurant-reservation allows Reflected XSS.This issue affects ReDi Restaurant Reservation: from n/a through <= 24.1209.
CVE-2025-48245HigMay 23, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Reflected XSS.This issue affects Quick Contact Form: from n/a through <= 8.2.1.
CVE-2025-48241HigMay 23, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D verge3d allows Reflected XSS.This issue affects Verge3D: from n/a through <= 4.9.3.
CVE-2025-47680HigMay 23, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-tidy-tags xili-tidy-tags allows Reflected XSS.This issue affects xili-tidy-tags: from n/a through <= 1.12.06.
CVE-2025-47678HigMay 23, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit funnelcockpit allows Reflected XSS.This issue affects FunnelCockpit: from n/a through <= 1.4.3.
CVE-2025-47673HigMay 23, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Reflected XSS.This issue affects Arconix Shortcodes: from n/a through <= 2.1.16.
CVE-2025-47618HigMay 23, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mortgage Calculator BMI Adult & Kid Calculator bmi-adultkid-calculator allows Reflected XSS.This issue affects BMI Adult & Kid Calculator: from n/a through <= 1.2.2.
CVE-2025-47613HigMay 23, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a through 92.0.0.
CVE-2025-47611HigMay 23, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Khaled User Meta user-meta allows Reflected XSS.This issue affects User Meta: from n/a through <= 3.1.2.