CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,270)

page 76 of 964

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-23744	WordPress Random Posts Mp3 Player Sharebutton	Hig	0.46	7.1	Mar 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dvs11 Random Posts, Mp3 Player + ShareButton random-posts-mp3-player-sharebutton allows Reflected XSS.This issue affects Random Posts, Mp3 Player + ShareButton: from n/a through <= 1.4.1.
CVE-2025-28905	—	Hig	0.46	7.1	Mar 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chaser324 Featured Posts Grid featured-posts-grid allows Stored XSS.This issue affects Featured Posts Grid: from n/a through <= 1.7.
CVE-2025-28895	WordPress Custom Top Bar	Hig	0.46	7.1	Mar 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Suman Biswas Custom top bar custom-top-bar allows Stored XSS.This issue affects Custom top bar: from n/a through <= 2.1.
CVE-2025-27279	WordPress Flashfader	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lynk Flashfader flashfader allows Reflected XSS.This issue affects Flashfader: from n/a through <= 1.1.1.
CVE-2025-27278	WordPress Mapfig Premium Leaflet Map Maker	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Ghedini AcuGIS Leaflet Maps mapfig-premium-leaflet-map-maker allows Reflected XSS.This issue affects AcuGIS Leaflet Maps: from n/a through <= 5.1.1.0.
CVE-2025-27275	WordPress Woo Codice Fiscale	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andrew_fisher WOO Codice Fiscale woo-codice-fiscale allows Reflected XSS.This issue affects WOO Codice Fiscale: from n/a through <= 1.6.3.
CVE-2025-27271	WordPress Db Tables Importexport	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alberto Cocchiara DB Tables Import/Export db-tables-importexport allows Reflected XSS.This issue affects DB Tables Import/Export: from n/a through <= 1.0.1.
CVE-2025-27269	WordPress Htaccess Login Block	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anton Aleksandrov .htaccess Login block htaccess-login-block allows Reflected XSS.This issue affects .htaccess Login block: from n/a through <= 0.9a.
CVE-2025-26994	Softdiscover Zigaform	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform – Price Calculator & Cost Estimation Form Builder Lite zigaform-calculator-cost-estimation-form-builder-lite allows Stored XSS.This issue affects Zigaform – Price Calculator & Cost Estimation Form Builder Lite: from n/a through <= 7.4.2.
CVE-2025-26989	Softdiscover Zigaform	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform zigaform-form-builder-lite allows Stored XSS.This issue affects Zigaform: from n/a through <= 7.4.2.
CVE-2025-26984	Cozyvision Sms Alert Order Notifications	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Reflected XSS.This issue affects SMS Alert Order Notifications: from n/a through <= 3.7.8.
CVE-2025-26918	Eniture Small Package Quotes	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Small Package Quotes – Unishippers Edition small-package-quotes-unishippers-edition allows Reflected XSS.This issue affects Small Package Quotes – Unishippers Edition: from n/a through <= 2.4.9.
CVE-2025-26917	Hasthemes Wp Templata	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes WP Templata wptemplata allows Reflected XSS.This issue affects WP Templata: from n/a through <= 1.0.7.
CVE-2025-26914	WordPress Variable Inspector	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Variable Inspector variable-inspector allows Reflected XSS.This issue affects Variable Inspector: from n/a through <= 2.6.2.
CVE-2025-26879	WordPress S2member	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristián Lávaque s2Member s2member allows Reflected XSS.This issue affects s2Member: from n/a through <= 241216.
CVE-2025-26589	WordPress Ie Css3 Support	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristopher Dino IE CSS3 Support ie-css3-support allows Reflected XSS.This issue affects IE CSS3 Support: from n/a through <= 2.0.1.
CVE-2025-26588	WordPress Ttt Crop	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gabrielperezs TTT Crop ttt-crop allows Reflected XSS.This issue affects TTT Crop: from n/a through <= 1.0.
CVE-2025-26587	WordPress Sidebartabs	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nghorta sidebarTabs sidebartabs allows Reflected XSS.This issue affects sidebarTabs: from n/a through <= 3.1.
CVE-2025-26586	WordPress Events Planner	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in abelony Events Planner events-planner allows Reflected XSS.This issue affects Events Planner: from n/a through <= 1.3.10.
CVE-2025-26585	WordPress Dl Leadback	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DyadyaLesha DL Leadback dl-leadback allows Reflected XSS.This issue affects DL Leadback: from n/a through <= 1.2.1.

CVE-2025-23744HigMar 15, 2025
WordPress
Random Posts Mp3 Player Sharebutton
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dvs11 Random Posts, Mp3 Player + ShareButton random-posts-mp3-player-sharebutton allows Reflected XSS.This issue affects Random Posts, Mp3 Player + ShareButton: from n/a through <= 1.4.1.
CVE-2025-28905HigMar 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chaser324 Featured Posts Grid featured-posts-grid allows Stored XSS.This issue affects Featured Posts Grid: from n/a through <= 1.7.
CVE-2025-28895HigMar 11, 2025
WordPress
Custom Top Bar
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Suman Biswas Custom top bar custom-top-bar allows Stored XSS.This issue affects Custom top bar: from n/a through <= 2.1.
CVE-2025-27279HigMar 3, 2025
WordPress
Flashfader
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lynk Flashfader flashfader allows Reflected XSS.This issue affects Flashfader: from n/a through <= 1.1.1.
CVE-2025-27278HigMar 3, 2025
WordPress
Mapfig Premium Leaflet Map Maker
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Ghedini AcuGIS Leaflet Maps mapfig-premium-leaflet-map-maker allows Reflected XSS.This issue affects AcuGIS Leaflet Maps: from n/a through <= 5.1.1.0.
CVE-2025-27275HigMar 3, 2025
WordPress
Woo Codice Fiscale
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andrew_fisher WOO Codice Fiscale woo-codice-fiscale allows Reflected XSS.This issue affects WOO Codice Fiscale: from n/a through <= 1.6.3.
CVE-2025-27271HigMar 3, 2025
WordPress
Db Tables Importexport
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alberto Cocchiara DB Tables Import/Export db-tables-importexport allows Reflected XSS.This issue affects DB Tables Import/Export: from n/a through <= 1.0.1.
CVE-2025-27269HigMar 3, 2025
WordPress
Htaccess Login Block
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anton Aleksandrov .htaccess Login block htaccess-login-block allows Reflected XSS.This issue affects .htaccess Login block: from n/a through <= 0.9a.
CVE-2025-26994HigMar 3, 2025
Softdiscover
Zigaform
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform – Price Calculator & Cost Estimation Form Builder Lite zigaform-calculator-cost-estimation-form-builder-lite allows Stored XSS.This issue affects Zigaform – Price Calculator & Cost Estimation Form Builder Lite: from n/a through <= 7.4.2.
CVE-2025-26989HigMar 3, 2025
Softdiscover
Zigaform
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform zigaform-form-builder-lite allows Stored XSS.This issue affects Zigaform: from n/a through <= 7.4.2.
CVE-2025-26984HigMar 3, 2025
Cozyvision
Sms Alert Order Notifications
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Reflected XSS.This issue affects SMS Alert Order Notifications: from n/a through <= 3.7.8.
CVE-2025-26918HigMar 3, 2025
Eniture
Small Package Quotes
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Small Package Quotes – Unishippers Edition small-package-quotes-unishippers-edition allows Reflected XSS.This issue affects Small Package Quotes – Unishippers Edition: from n/a through <= 2.4.9.
CVE-2025-26917HigMar 3, 2025
Hasthemes
Wp Templata
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes WP Templata wptemplata allows Reflected XSS.This issue affects WP Templata: from n/a through <= 1.0.7.
CVE-2025-26914HigMar 3, 2025
WordPress
Variable Inspector
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Variable Inspector variable-inspector allows Reflected XSS.This issue affects Variable Inspector: from n/a through <= 2.6.2.
CVE-2025-26879HigMar 3, 2025
WordPress
S2member
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristián Lávaque s2Member s2member allows Reflected XSS.This issue affects s2Member: from n/a through <= 241216.
CVE-2025-26589HigMar 3, 2025
WordPress
Ie Css3 Support
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristopher Dino IE CSS3 Support ie-css3-support allows Reflected XSS.This issue affects IE CSS3 Support: from n/a through <= 2.0.1.
CVE-2025-26588HigMar 3, 2025
WordPress
Ttt Crop
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gabrielperezs TTT Crop ttt-crop allows Reflected XSS.This issue affects TTT Crop: from n/a through <= 1.0.
CVE-2025-26587HigMar 3, 2025
WordPress
Sidebartabs
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nghorta sidebarTabs sidebartabs allows Reflected XSS.This issue affects sidebarTabs: from n/a through <= 3.1.
CVE-2025-26586HigMar 3, 2025
WordPress
Events Planner
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in abelony Events Planner events-planner allows Reflected XSS.This issue affects Events Planner: from n/a through <= 1.3.10.
CVE-2025-26585HigMar 3, 2025
WordPress
Dl Leadback
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DyadyaLesha DL Leadback dl-leadback allows Reflected XSS.This issue affects DL Leadback: from n/a through <= 1.2.1.