CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,261)

page 63 of 964

CVE	Sev	Risk	CVSS	Published	Description
CVE-2025-32540	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in feedify Feedify – Web Push Notifications push-notification-by-feedify allows Reflected XSS.This issue affects Feedify – Web Push Notifications: from n/a through <= 2.4.5.
CVE-2025-32535	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digireturn DN Shipping by Weight for WooCommerce dn-shipping-by-weight allows Reflected XSS.This issue affects DN Shipping by Weight for WooCommerce: from n/a through <= 1.2.
CVE-2025-32533	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matat Technologies Deliver via Shipos for WooCommerce wc-shipos-delivery allows Reflected XSS.This issue affects Deliver via Shipos for WooCommerce: from n/a through <= 2.1.7.
CVE-2025-32532	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pei Yong Goh UXsniff ux-sniff allows Reflected XSS.This issue affects UXsniff: from n/a through <= 1.3.3.
CVE-2025-32531	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix FAQ arconix-faq allows Reflected XSS.This issue affects Arconix FAQ: from n/a through <= 1.9.5.
CVE-2025-32530	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Reflected XSS.This issue affects Wallet System for WooCommerce: from n/a through <= 2.6.8.
CVE-2025-32529	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iONE360 iONE360 configurator ione360-configurator allows Reflected XSS.This issue affects iONE360 configurator: from n/a through <= 2.0.57.
CVE-2025-32528	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maximevalette iCal Feeds ical-feeds allows Reflected XSS.This issue affects iCal Feeds: from n/a through <= 1.5.3.
CVE-2025-32527	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pey22 T&P Gallery Slider tp-gallery-slider allows Stored XSS.This issue affects T&P Gallery Slider: from n/a through <= 1.2.
CVE-2025-32526	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Reflected XSS.This issue affects Zephyr Project Manager: from n/a through <= 3.3.101.
CVE-2025-32522	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Reflected XSS.This issue affects License Manager for WooCommerce: from n/a through <= 3.0.9.
CVE-2025-32521	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CoolHappy Cool Flipbox – Shortcode & Gutenberg Block flip-boxes allows Reflected XSS.This issue affects Cool Flipbox – Shortcode & Gutenberg Block: from n/a through <= 1.8.3.
CVE-2025-32520	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Ali Saleem WordPress Health and Server Condition – Integrated with Google Page Speed wp-condition allows Reflected XSS.This issue affects WordPress Health and Server Condition – Integrated with Google Page Speed: from n/a through <= 4.1.1.
CVE-2025-32516	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ilGhera Related Videos for JW Player related-videos-for-jw-player allows Reflected XSS.This issue affects Related Videos for JW Player: from n/a through <= 1.2.0.
CVE-2025-32515	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in terminalafrica Terminal Africa terminal-africa allows Reflected XSS.This issue affects Terminal Africa: from n/a through <= 1.13.24.
CVE-2025-32514	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cscode WooCommerce Estimate and Quote wc-estimate-and-quote allows Reflected XSS.This issue affects WooCommerce Estimate and Quote: from n/a through <= 1.0.2.5.
CVE-2025-32513	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in totalprocessing Nomupay Payment Processing Gateway totalprocessing-card-payments allows Reflected XSS.This issue affects Nomupay Payment Processing Gateway: from n/a through <= 7.1.6.
CVE-2025-32512	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revampcrm Revamp CRM for WooCommerce revampcrm-woocommerce allows Reflected XSS.This issue affects Revamp CRM for WooCommerce: from n/a through <= 1.1.2.
CVE-2025-32511	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Excellent Dynamics Make Email Customizer for WooCommerce make-email-customizer-for-woocommerce allows Reflected XSS.This issue affects Make Email Customizer for WooCommerce: from n/a through <= 1.0.6.
CVE-2025-32508	Hig	0.46	7.1	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ComMotion Course Booking System course-booking-system allows Reflected XSS.This issue affects Course Booking System: from n/a through <= 6.1.2.

CVE-2025-32540HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in feedify Feedify – Web Push Notifications push-notification-by-feedify allows Reflected XSS.This issue affects Feedify – Web Push Notifications: from n/a through <= 2.4.5.
CVE-2025-32535HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digireturn DN Shipping by Weight for WooCommerce dn-shipping-by-weight allows Reflected XSS.This issue affects DN Shipping by Weight for WooCommerce: from n/a through <= 1.2.
CVE-2025-32533HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matat Technologies Deliver via Shipos for WooCommerce wc-shipos-delivery allows Reflected XSS.This issue affects Deliver via Shipos for WooCommerce: from n/a through <= 2.1.7.
CVE-2025-32532HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pei Yong Goh UXsniff ux-sniff allows Reflected XSS.This issue affects UXsniff: from n/a through <= 1.3.3.
CVE-2025-32531HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix FAQ arconix-faq allows Reflected XSS.This issue affects Arconix FAQ: from n/a through <= 1.9.5.
CVE-2025-32530HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Reflected XSS.This issue affects Wallet System for WooCommerce: from n/a through <= 2.6.8.
CVE-2025-32529HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iONE360 iONE360 configurator ione360-configurator allows Reflected XSS.This issue affects iONE360 configurator: from n/a through <= 2.0.57.
CVE-2025-32528HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maximevalette iCal Feeds ical-feeds allows Reflected XSS.This issue affects iCal Feeds: from n/a through <= 1.5.3.
CVE-2025-32527HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pey22 T&P Gallery Slider tp-gallery-slider allows Stored XSS.This issue affects T&P Gallery Slider: from n/a through <= 1.2.
CVE-2025-32526HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Reflected XSS.This issue affects Zephyr Project Manager: from n/a through <= 3.3.101.
CVE-2025-32522HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Reflected XSS.This issue affects License Manager for WooCommerce: from n/a through <= 3.0.9.
CVE-2025-32521HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CoolHappy Cool Flipbox – Shortcode & Gutenberg Block flip-boxes allows Reflected XSS.This issue affects Cool Flipbox – Shortcode & Gutenberg Block: from n/a through <= 1.8.3.
CVE-2025-32520HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Ali Saleem WordPress Health and Server Condition – Integrated with Google Page Speed wp-condition allows Reflected XSS.This issue affects WordPress Health and Server Condition – Integrated with Google Page Speed: from n/a through <= 4.1.1.
CVE-2025-32516HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ilGhera Related Videos for JW Player related-videos-for-jw-player allows Reflected XSS.This issue affects Related Videos for JW Player: from n/a through <= 1.2.0.
CVE-2025-32515HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in terminalafrica Terminal Africa terminal-africa allows Reflected XSS.This issue affects Terminal Africa: from n/a through <= 1.13.24.
CVE-2025-32514HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cscode WooCommerce Estimate and Quote wc-estimate-and-quote allows Reflected XSS.This issue affects WooCommerce Estimate and Quote: from n/a through <= 1.0.2.5.
CVE-2025-32513HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in totalprocessing Nomupay Payment Processing Gateway totalprocessing-card-payments allows Reflected XSS.This issue affects Nomupay Payment Processing Gateway: from n/a through <= 7.1.6.
CVE-2025-32512HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revampcrm Revamp CRM for WooCommerce revampcrm-woocommerce allows Reflected XSS.This issue affects Revamp CRM for WooCommerce: from n/a through <= 1.1.2.
CVE-2025-32511HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Excellent Dynamics Make Email Customizer for WooCommerce make-email-customizer-for-woocommerce allows Reflected XSS.This issue affects Make Email Customizer for WooCommerce: from n/a through <= 1.0.6.
CVE-2025-32508HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ComMotion Course Booking System course-booking-system allows Reflected XSS.This issue affects Course Booking System: from n/a through <= 6.1.2.