CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,231)

page 59 of 962

CVE	Sev	Risk	CVSS	Published	Description
CVE-2025-31027	Hig	0.46	7.1	May 19, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jocoxdesign Tiger tiger allows Reflected XSS.This issue affects Tiger: from n/a through 2.0.
CVE-2025-43839	Hig	0.46	7.1	May 19, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Messages Tool bp-messages-tool allows Reflected XSS.This issue affects BP Messages Tool: from n/a through <= 2.2.
CVE-2025-43837	Hig	0.46	7.1	May 19, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in binti76 Total Donations total-donations allows Reflected XSS.This issue affects Total Donations: from n/a through <= 3.0.8.
CVE-2025-43836	Hig	0.46	7.1	May 19, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in confuzzledduck Syndicate Out syndicate-out allows Reflected XSS.This issue affects Syndicate Out: from n/a through <= 0.9.
CVE-2025-43832	Hig	0.46	7.1	May 19, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andreyk Remote Images Grabber remote-images-grabber allows Reflected XSS.This issue affects Remote Images Grabber: from n/a through <= 0.6.
CVE-2025-39446	Hig	0.46	7.1	May 19, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster Plus for WooCommerce allows Reflected XSS.This issue affects Booster Plus for WooCommerce: from n/a through 7.2.4.
CVE-2025-39409	Hig	0.46	7.1	May 19, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pressaholic WordPress Video Robot - The Ultimate Video Importer.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through 1.20.0.
CVE-2025-39407	Hig	0.46	7.1	May 19, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Caseproof, LLC Memberpress allows Reflected XSS.This issue affects Memberpress: from n/a before 1.12.0.
CVE-2025-26997	Hig	0.46	7.1	May 19, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in validas Wireless Butler wireless-butler allows Reflected XSS.This issue affects Wireless Butler: from n/a through <= 1.0.11.
CVE-2025-23988	Hig	0.46	7.1	May 19, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno Cavalcante Ghostwriter allows Reflected XSS.This issue affects Ghostwriter: from n/a through 1.4.
CVE-2025-23986	Hig	0.46	7.1	May 19, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fyrewurks Tiki Time allows Reflected XSS.This issue affects Tiki Time: from n/a through 1.3.
CVE-2025-23983	Hig	0.46	7.1	May 19, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tijaji Tijaji tijaji allows Reflected XSS.This issue affects Tijaji: from n/a through <= 1.43.
CVE-2025-23981	Hig	0.46	7.1	May 19, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takimi Themes CarZine allows Reflected XSS.This issue affects CarZine: from n/a through 1.4.6.
CVE-2025-23979	Hig	0.46	7.1	May 19, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in duwasai Flashy allows Reflected XSS.This issue affects Flashy: from n/a through 1.2.1.
CVE-2025-22792	Hig	0.46	7.1	May 19, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jinwen Js O3 Lite allows Reflected XSS.This issue affects Js O3 Lite: from n/a through 1.5.8.2.
CVE-2025-22791	Hig	0.46	7.1	May 19, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in twh offset writing allows Reflected XSS.This issue affects offset writing: from n/a through 1.2.
CVE-2025-22790	Hig	0.46	7.1	May 19, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in asmedia allows Reflected XSS.This issue affects moseter: from n/a through 1.3.1.
CVE-2025-22789	Hig	0.46	7.1	May 19, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fyrewurks polka dots allows Reflected XSS.This issue affects polka dots: from n/a through 1.2.
CVE-2025-22687	Hig	0.46	7.1	May 19, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asmedia Tuaug4 allows Reflected XSS.This issue affects Tuaug4: from n/a through 1.4.
CVE-2025-22678	Hig	0.46	7.1	May 19, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mythemes my white allows Reflected XSS.This issue affects my white: from n/a through 2.0.8.

CVE-2025-31027HigMay 19, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jocoxdesign Tiger tiger allows Reflected XSS.This issue affects Tiger: from n/a through 2.0.
CVE-2025-43839HigMay 19, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Messages Tool bp-messages-tool allows Reflected XSS.This issue affects BP Messages Tool: from n/a through <= 2.2.
CVE-2025-43837HigMay 19, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in binti76 Total Donations total-donations allows Reflected XSS.This issue affects Total Donations: from n/a through <= 3.0.8.
CVE-2025-43836HigMay 19, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in confuzzledduck Syndicate Out syndicate-out allows Reflected XSS.This issue affects Syndicate Out: from n/a through <= 0.9.
CVE-2025-43832HigMay 19, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andreyk Remote Images Grabber remote-images-grabber allows Reflected XSS.This issue affects Remote Images Grabber: from n/a through <= 0.6.
CVE-2025-39446HigMay 19, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster Plus for WooCommerce allows Reflected XSS.This issue affects Booster Plus for WooCommerce: from n/a through 7.2.4.
CVE-2025-39409HigMay 19, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pressaholic WordPress Video Robot - The Ultimate Video Importer.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through 1.20.0.
CVE-2025-39407HigMay 19, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Caseproof, LLC Memberpress allows Reflected XSS.This issue affects Memberpress: from n/a before 1.12.0.
CVE-2025-26997HigMay 19, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in validas Wireless Butler wireless-butler allows Reflected XSS.This issue affects Wireless Butler: from n/a through <= 1.0.11.
CVE-2025-23988HigMay 19, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno Cavalcante Ghostwriter allows Reflected XSS.This issue affects Ghostwriter: from n/a through 1.4.
CVE-2025-23986HigMay 19, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fyrewurks Tiki Time allows Reflected XSS.This issue affects Tiki Time: from n/a through 1.3.
CVE-2025-23983HigMay 19, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tijaji Tijaji tijaji allows Reflected XSS.This issue affects Tijaji: from n/a through <= 1.43.
CVE-2025-23981HigMay 19, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takimi Themes CarZine allows Reflected XSS.This issue affects CarZine: from n/a through 1.4.6.
CVE-2025-23979HigMay 19, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in duwasai Flashy allows Reflected XSS.This issue affects Flashy: from n/a through 1.2.1.
CVE-2025-22792HigMay 19, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jinwen Js O3 Lite allows Reflected XSS.This issue affects Js O3 Lite: from n/a through 1.5.8.2.
CVE-2025-22791HigMay 19, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in twh offset writing allows Reflected XSS.This issue affects offset writing: from n/a through 1.2.
CVE-2025-22790HigMay 19, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in asmedia allows Reflected XSS.This issue affects moseter: from n/a through 1.3.1.
CVE-2025-22789HigMay 19, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fyrewurks polka dots allows Reflected XSS.This issue affects polka dots: from n/a through 1.2.
CVE-2025-22687HigMay 19, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asmedia Tuaug4 allows Reflected XSS.This issue affects Tuaug4: from n/a through 1.4.
CVE-2025-22678HigMay 19, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mythemes my white allows Reflected XSS.This issue affects my white: from n/a through 2.0.8.