CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,231)

page 61 of 962

CVE	Sev	Risk	CVSS	Published	Description
CVE-2025-32674	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Product Excel Import Export & Bulk Edit for WooCommerce webd-woocommerce-product-excel-importer-bulk-edit allows Reflected XSS.This issue affects Product Excel Import Export & Bulk Edit for WooCommerce: from n/a through <= 4.7.
CVE-2025-32670	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Parnell Spark GF Failed Submissions spark-gf-failed-submissions allows Reflected XSS.This issue affects Spark GF Failed Submissions: from n/a through <= 1.3.5.
CVE-2025-32666	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support hive-support allows Reflected XSS.This issue affects Hive Support: from n/a through <= 1.2.5.
CVE-2025-32653	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lee Blue Cart66 Cloud cart66-cloud allows Reflected XSS.This issue affects Cart66 Cloud: from n/a through <= 2.3.7.
CVE-2025-32651	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in serpednet SERPed.net serped-net allows Reflected XSS.This issue affects SERPed.net: from n/a through <= 4.6.
CVE-2025-32649	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gb-plugins GB Gallery Slideshow gb-gallery-slideshow allows Reflected XSS.This issue affects GB Gallery Slideshow: from n/a through <= 1.3.
CVE-2025-32646	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Question Answer question-answer allows Reflected XSS.This issue affects Question Answer: from n/a through <= 1.2.70.
CVE-2025-32639	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wecantrack Affiliate Links Lite affiliate-links allows Reflected XSS.This issue affects Affiliate Links Lite: from n/a through <= 3.1.0.
CVE-2025-32638	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weptile Mobile App for WooCommerce mobile-app-for-woocommerce allows Stored XSS.This issue affects Mobile App for WooCommerce: from n/a through <= 0.4.61.
CVE-2025-32637	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ketanajani WP Donate wp-donate allows Stored XSS.This issue affects WP Donate: from n/a through <= 2.0.
CVE-2025-32634	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Reflected XSS.This issue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a through <= 2.1.1.
CVE-2025-32630	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Reflected XSS.This issue affects WP-BusinessDirectory: from n/a through <= 3.1.2.
CVE-2025-32628	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham Crowdfunding for WooCommerce crowdfunding-for-woocommerce allows Reflected XSS.This issue affects Crowdfunding for WooCommerce: from n/a through <= 3.1.12.
CVE-2025-32625	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pootlepress Mobile Pages mobile-pages allows Reflected XSS.This issue affects Mobile Pages: from n/a through <= 1.0.2.
CVE-2025-32622	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTP-less OTP-less one tap Sign in otpless allows Reflected XSS.This issue affects OTP-less one tap Sign in: from n/a through <= 2.0.58.
CVE-2025-32615	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clinked Clinked Client Portal clinked-client-portal allows Reflected XSS.This issue affects Clinked Client Portal: from n/a through <= 1.10.
CVE-2025-32613	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager debug-log-manager allows Stored XSS.This issue affects Debug Log Manager: from n/a through <= 2.3.4.
CVE-2025-32611	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in We Are De WooCommerce TBC Credit Card Payment Gateway (Free) woo-tbc-payment-gateway allows Reflected XSS.This issue affects WooCommerce TBC Credit Card Payment Gateway (Free): from n/a through <= 2.0.0.
CVE-2025-32609	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Picture-Planet GmbH Verowa Connect verowa-connect allows Reflected XSS.This issue affects Verowa Connect: from n/a through <= 3.0.4.
CVE-2025-32608	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Movylo Movylo Marketing Automation movylo-widget allows Reflected XSS.This issue affects Movylo Marketing Automation: from n/a through <= 2.0.7.

CVE-2025-32674HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Product Excel Import Export & Bulk Edit for WooCommerce webd-woocommerce-product-excel-importer-bulk-edit allows Reflected XSS.This issue affects Product Excel Import Export & Bulk Edit for WooCommerce: from n/a through <= 4.7.
CVE-2025-32670HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Parnell Spark GF Failed Submissions spark-gf-failed-submissions allows Reflected XSS.This issue affects Spark GF Failed Submissions: from n/a through <= 1.3.5.
CVE-2025-32666HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support hive-support allows Reflected XSS.This issue affects Hive Support: from n/a through <= 1.2.5.
CVE-2025-32653HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lee Blue Cart66 Cloud cart66-cloud allows Reflected XSS.This issue affects Cart66 Cloud: from n/a through <= 2.3.7.
CVE-2025-32651HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in serpednet SERPed.net serped-net allows Reflected XSS.This issue affects SERPed.net: from n/a through <= 4.6.
CVE-2025-32649HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gb-plugins GB Gallery Slideshow gb-gallery-slideshow allows Reflected XSS.This issue affects GB Gallery Slideshow: from n/a through <= 1.3.
CVE-2025-32646HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Question Answer question-answer allows Reflected XSS.This issue affects Question Answer: from n/a through <= 1.2.70.
CVE-2025-32639HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wecantrack Affiliate Links Lite affiliate-links allows Reflected XSS.This issue affects Affiliate Links Lite: from n/a through <= 3.1.0.
CVE-2025-32638HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weptile Mobile App for WooCommerce mobile-app-for-woocommerce allows Stored XSS.This issue affects Mobile App for WooCommerce: from n/a through <= 0.4.61.
CVE-2025-32637HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ketanajani WP Donate wp-donate allows Stored XSS.This issue affects WP Donate: from n/a through <= 2.0.
CVE-2025-32634HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Reflected XSS.This issue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a through <= 2.1.1.
CVE-2025-32630HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Reflected XSS.This issue affects WP-BusinessDirectory: from n/a through <= 3.1.2.
CVE-2025-32628HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham Crowdfunding for WooCommerce crowdfunding-for-woocommerce allows Reflected XSS.This issue affects Crowdfunding for WooCommerce: from n/a through <= 3.1.12.
CVE-2025-32625HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pootlepress Mobile Pages mobile-pages allows Reflected XSS.This issue affects Mobile Pages: from n/a through <= 1.0.2.
CVE-2025-32622HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTP-less OTP-less one tap Sign in otpless allows Reflected XSS.This issue affects OTP-less one tap Sign in: from n/a through <= 2.0.58.
CVE-2025-32615HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clinked Clinked Client Portal clinked-client-portal allows Reflected XSS.This issue affects Clinked Client Portal: from n/a through <= 1.10.
CVE-2025-32613HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager debug-log-manager allows Stored XSS.This issue affects Debug Log Manager: from n/a through <= 2.3.4.
CVE-2025-32611HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in We Are De WooCommerce TBC Credit Card Payment Gateway (Free) woo-tbc-payment-gateway allows Reflected XSS.This issue affects WooCommerce TBC Credit Card Payment Gateway (Free): from n/a through <= 2.0.0.
CVE-2025-32609HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Picture-Planet GmbH Verowa Connect verowa-connect allows Reflected XSS.This issue affects Verowa Connect: from n/a through <= 3.0.4.
CVE-2025-32608HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Movylo Movylo Marketing Automation movylo-widget allows Reflected XSS.This issue affects Movylo Marketing Automation: from n/a through <= 2.0.7.