CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,265)

page 66 of 964

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-24539	—	Hig	0.46	7.1	0.00	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in debounce DeBounce Email Validator debounce-io-email-validator allows Reflected XSS.This issue affects DeBounce Email Validator: from n/a through <= 5.6.5.
CVE-2025-23858	—	Hig	0.46	7.1	0.00	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiren Patel Custom Users Order custom-users-order allows Reflected XSS.This issue affects Custom Users Order: from n/a through <= 4.2.
CVE-2025-23855	—	Hig	0.46	7.1	0.00	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fyljp SpiderDisplay spiderdisplay allows Reflected XSS.This issue affects SpiderDisplay: from n/a through <= 1.9.1.
CVE-2025-23782	—	Hig	0.46	7.1	0.00	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TotalSuite TotalContest Lite totalcontest-lite allows Reflected XSS.This issue affects TotalContest Lite: from n/a through <= 2.8.1.
CVE-2025-23448	—	Hig	0.46	7.1	0.00	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dastan800 visualslider Sldier visual-slider allows Reflected XSS.This issue affects visualslider Sldier: from n/a through <= 1.1.1.
CVE-2025-23443	—	Hig	0.46	7.1	0.00	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Claire Ryan Author Showcase author-showcase allows Reflected XSS.This issue affects Author Showcase: from n/a through <= 1.4.3.
CVE-2025-22796	—	Hig	0.46	7.1	0.00	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in platcom WP-Asambleas wp-asambleas allows Reflected XSS.This issue affects WP-Asambleas: from n/a through <= 2.85.0.
CVE-2025-22774	—	Hig	0.46	7.1	0.00	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRUDLab CRUDLab Scroll to Top crudlab-scroll-to-top allows Reflected XSS.This issue affects CRUDLab Scroll to Top: from n/a through <= 1.0.1.
CVE-2025-22692	—	Hig	0.46	7.1	0.00	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rachanaS Sponsered Link sponsered-link allows Reflected XSS.This issue affects Sponsered Link: from n/a through <= 4.0.
CVE-2025-22651	—	Hig	0.46	7.1	0.01	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wppluginboxdev Stylish Google Sheet Reader stylish-google-sheet-reader allows Reflected XSS.This issue affects Stylish Google Sheet Reader: from n/a through <= 4.0.
CVE-2025-22565	—	Hig	0.46	7.1	0.00	Apr 17, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bill Zimmerman vooPlayer v4 vooplayer allows Reflected XSS.This issue affects vooPlayer v4: from n/a through <= 4.0.4.
CVE-2025-32923	—	Hig	0.46	7.1	0.00	Apr 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Tourmaster tourmaster allows Reflected XSS.This issue affects Tourmaster: from n/a through < 5.4.1.
CVE-2025-30984	—	Hig	0.46	7.1	0.00	Apr 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dzynit SEO Tools seo-automatic-seo-tools allows Reflected XSS.This issue affects SEO Tools: from n/a through <= 4.0.7.
CVE-2025-30970	—	Hig	0.46	7.1	0.00	Apr 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scottwallick Easy Contact easy-contact allows Reflected XSS.This issue affects Easy Contact: from n/a through <= 0.1.2.
CVE-2025-26746	—	Hig	0.46	7.1	0.00	Apr 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in caalami Advanced Custom Fields: Link Picker Field acf-link-picker-field allows Reflected XSS.This issue affects Advanced Custom Fields: Link Picker Field: from n/a through <= 1.2.8.
CVE-2025-22263	—	Hig	0.46	7.1	0.00	Apr 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Global Gallery allows Reflected XSS. This issue affects Global Gallery: from n/a through 8.8.0.
CVE-2025-31011	—	Hig	0.46	7.1	0.00	Apr 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReichertBrothers SimplyRETS Real Estate IDX simply-rets allows Reflected XSS.This issue affects SimplyRETS Real Estate IDX: from n/a through <= 3.2.2.
CVE-2025-30962	—	Hig	0.46	7.1	0.00	Apr 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fs-code FS Poster fs-poster allows Reflected XSS.This issue affects FS Poster: from n/a through <= 6.5.8.
CVE-2025-26992	—	Hig	0.46	7.1	0.00	Apr 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Landing Page Cat landing-page-cat allows Reflected XSS.This issue affects Landing Page Cat: from n/a through <= 1.7.8.
CVE-2025-26954	—	Hig	0.46	7.1	0.00	Apr 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 1pluginjquery ZooEffect 1-jquery-photo-gallery-slideshow-flash allows Reflected XSS.This issue affects ZooEffect: from n/a through <= 1.11.

CVE-2025-24539HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in debounce DeBounce Email Validator debounce-io-email-validator allows Reflected XSS.This issue affects DeBounce Email Validator: from n/a through <= 5.6.5.
CVE-2025-23858HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiren Patel Custom Users Order custom-users-order allows Reflected XSS.This issue affects Custom Users Order: from n/a through <= 4.2.
CVE-2025-23855HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fyljp SpiderDisplay spiderdisplay allows Reflected XSS.This issue affects SpiderDisplay: from n/a through <= 1.9.1.
CVE-2025-23782HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TotalSuite TotalContest Lite totalcontest-lite allows Reflected XSS.This issue affects TotalContest Lite: from n/a through <= 2.8.1.
CVE-2025-23448HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dastan800 visualslider Sldier visual-slider allows Reflected XSS.This issue affects visualslider Sldier: from n/a through <= 1.1.1.
CVE-2025-23443HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Claire Ryan Author Showcase author-showcase allows Reflected XSS.This issue affects Author Showcase: from n/a through <= 1.4.3.
CVE-2025-22796HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in platcom WP-Asambleas wp-asambleas allows Reflected XSS.This issue affects WP-Asambleas: from n/a through <= 2.85.0.
CVE-2025-22774HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRUDLab CRUDLab Scroll to Top crudlab-scroll-to-top allows Reflected XSS.This issue affects CRUDLab Scroll to Top: from n/a through <= 1.0.1.
CVE-2025-22692HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rachanaS Sponsered Link sponsered-link allows Reflected XSS.This issue affects Sponsered Link: from n/a through <= 4.0.
CVE-2025-22651HigApr 17, 2025
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wppluginboxdev Stylish Google Sheet Reader stylish-google-sheet-reader allows Reflected XSS.This issue affects Stylish Google Sheet Reader: from n/a through <= 4.0.
CVE-2025-22565HigApr 17, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bill Zimmerman vooPlayer v4 vooplayer allows Reflected XSS.This issue affects vooPlayer v4: from n/a through <= 4.0.4.
CVE-2025-32923HigApr 15, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Tourmaster tourmaster allows Reflected XSS.This issue affects Tourmaster: from n/a through < 5.4.1.
CVE-2025-30984HigApr 15, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dzynit SEO Tools seo-automatic-seo-tools allows Reflected XSS.This issue affects SEO Tools: from n/a through <= 4.0.7.
CVE-2025-30970HigApr 15, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scottwallick Easy Contact easy-contact allows Reflected XSS.This issue affects Easy Contact: from n/a through <= 0.1.2.
CVE-2025-26746HigApr 15, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in caalami Advanced Custom Fields: Link Picker Field acf-link-picker-field allows Reflected XSS.This issue affects Advanced Custom Fields: Link Picker Field: from n/a through <= 1.2.8.
CVE-2025-22263HigApr 15, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Global Gallery allows Reflected XSS. This issue affects Global Gallery: from n/a through 8.8.0.
CVE-2025-31011HigApr 15, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReichertBrothers SimplyRETS Real Estate IDX simply-rets allows Reflected XSS.This issue affects SimplyRETS Real Estate IDX: from n/a through <= 3.2.2.
CVE-2025-30962HigApr 15, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fs-code FS Poster fs-poster allows Reflected XSS.This issue affects FS Poster: from n/a through <= 6.5.8.
CVE-2025-26992HigApr 15, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Landing Page Cat landing-page-cat allows Reflected XSS.This issue affects Landing Page Cat: from n/a through <= 1.7.8.
CVE-2025-26954HigApr 15, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 1pluginjquery ZooEffect 1-jquery-photo-gallery-slideshow-flash allows Reflected XSS.This issue affects ZooEffect: from n/a through <= 1.11.