CWE-79: Cross-site Scripting (XSS)
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
Yearly Trend
Top Affected Vendors
All Cross-site Scripting (XSS) CVEs (8,870)
This vulnerability allows attackers to inject malicious scripts into web pages through the Visitor Maps Extended Referer Field WordPress plugin. When ...
Feb 20, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the Diamond WordPress theme, which are then executed in vi...
Feb 20, 2026This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through DOM-based cross-site scripting (XSS) in t...
Feb 20, 2026This stored cross-site scripting (XSS) vulnerability in the NEX-Forms WordPress plugin allows attackers to inject malicious scripts into web pages tha...
Feb 20, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the NEX-Forms WordPress plugin. When users visit a special...
Feb 20, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the GhostPool Aardvark WordPress theme. When users visit a...
Feb 20, 2026This CVE describes a reflected cross-site scripting (XSS) vulnerability in the WordPress Simple Archive Generator plugin. Attackers can inject malicio...
Feb 20, 2026This reflected cross-site scripting (XSS) vulnerability in the Membee Login WordPress plugin allows attackers to inject malicious scripts into web pag...
Feb 20, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the Asynchronous Javascript WordPress plugin. When users v...
Feb 20, 2026This vulnerability allows attackers to inject malicious scripts into the amr cron manager WordPress plugin, which are then reflected back to users' br...
Feb 20, 2026This CVE describes a reflected cross-site scripting (XSS) vulnerability in the Widget Logic Visual WordPress plugin. Attackers can inject malicious sc...
Feb 20, 2026This is a reflected cross-site scripting (XSS) vulnerability in the Crocoblock JetEngine WordPress plugin. It allows attackers to inject malicious scr...
Feb 20, 2026This Cross-Site Scripting (XSS) vulnerability in the RealMag777 GMap Targeting WordPress plugin allows attackers to inject malicious scripts into web ...
Feb 20, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the Educare WordPress plugin. When users visit a specially...
Feb 20, 2026This is a reflected cross-site scripting (XSS) vulnerability in the FluentCart WordPress plugin. Attackers can inject malicious scripts via crafted UR...
Feb 20, 2026This is a reflected cross-site scripting (XSS) vulnerability in the WP Wizard Cloak WordPress plugin that allows attackers to inject malicious scripts...
Feb 20, 2026This stored cross-site scripting (XSS) vulnerability in the WordPress Easy Taxonomy Images plugin allows attackers to inject malicious scripts into we...
Feb 20, 2026The Form Maker WordPress plugin has a stored XSS vulnerability in versions up to 1.15.35. Unauthenticated attackers can inject malicious JavaScript in...
Feb 3, 2026The Library Viewer WordPress plugin before version 3.2.0 contains a reflected cross-site scripting (XSS) vulnerability where unsanitized parameters ar...
Feb 2, 2026This stored XSS vulnerability in the Modula Image Gallery WordPress plugin allows attackers to inject malicious scripts into web pages that persist in...
Jan 22, 2026A stored cross-site scripting vulnerability in Autodesk Fusion allows attackers to inject malicious HTML into component descriptions. When users click...
Jan 22, 2026This stored cross-site scripting vulnerability in Autodesk Fusion allows attackers to inject malicious HTML into part attributes. When users click the...
Jan 22, 2026A stored cross-site scripting vulnerability in Autodesk Fusion allows attackers to inject malicious HTML into design names. When users view the delete...
Jan 22, 2026This stored cross-site scripting (XSS) vulnerability in the JobWP WordPress plugin allows attackers to inject malicious scripts into web pages that ar...
Jan 22, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the Grand Magazine WordPress theme. When users visit a spe...
Jan 22, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the Grand Spa WordPress theme. When users visit a speciall...
Jan 22, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the WP Test Email WordPress plugin. When users visit a spe...
Jan 22, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the Hotel Listing WordPress plugin. When users visit a spe...
Jan 22, 2026This reflected cross-site scripting (XSS) vulnerability in the LambertGroup Universal Video Player WordPress plugin allows attackers to inject malicio...
Jan 22, 2026This reflected cross-site scripting (XSS) vulnerability in the ListingPro Reviews WordPress plugin allows attackers to inject malicious scripts into w...
Jan 22, 2026This reflected cross-site scripting (XSS) vulnerability in the LambertGroup Universal Video Player WordPress plugin allows attackers to inject malicio...
Jan 22, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the Super Logos Showcase WordPress plugin. When users visi...
Jan 22, 2026This CVE describes a reflected cross-site scripting (XSS) vulnerability in the KenthaRadio WordPress theme. Attackers can inject malicious scripts via...
Jan 22, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the JNews - Frontend Submit WordPress plugin. When users v...
Jan 22, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the JNews - Video WordPress plugin. When users visit a spe...
Jan 22, 2026This is a reflected cross-site scripting (XSS) vulnerability in the ShoutOut WordPress plugin that allows attackers to inject malicious scripts into w...
Jan 22, 2026This stored cross-site scripting (XSS) vulnerability in the Infility Global WordPress plugin allows attackers to inject malicious scripts into web pag...
Jan 22, 2026This stored XSS vulnerability in the Dinatur WordPress plugin allows attackers to inject malicious scripts into web pages that are then executed when ...
Jan 22, 2026This is a reflected cross-site scripting (XSS) vulnerability in the Dooodl WordPress plugin that allows attackers to inject malicious scripts into web...
Jan 22, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the bidorbuy Store Integrator WordPress plugin. When users...
Jan 22, 2026This vulnerability allows attackers to inject malicious scripts into the WP Simple Redirect WordPress plugin, which are then reflected back to users' ...
Jan 22, 2026This CVE describes a reflected cross-site scripting (XSS) vulnerability in the Ravpage WordPress plugin. Attackers can inject malicious scripts via cr...
Jan 22, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the MemberPress Discord Addon WordPress plugin. When users...
Jan 22, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the Easy Theme Options WordPress plugin. When users visit ...
Jan 22, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the Quote Master WordPress plugin. When users visit specia...
Jan 22, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the wpCAS WordPress plugin, which are then executed in vic...
Jan 22, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the Syntax Highlighter Compress WordPress plugin. When use...
Jan 22, 2026This reflected cross-site scripting (XSS) vulnerability in the Hoteller WordPress theme allows attackers to inject malicious scripts into web pages by...
Jan 22, 2026This is a reflected cross-site scripting (XSS) vulnerability in the DotLife WordPress theme that allows attackers to inject malicious scripts into web...
Jan 22, 2026This DOM-based XSS vulnerability in the Craft Coffee Shop WordPress theme allows attackers to inject malicious scripts into web pages viewed by users....
Jan 22, 2026About Cross-site Scripting (XSS) (CWE-79)
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
Our database tracks 8,870 CVEs classified as CWE-79, with 275 rated critical and 2,378 rated high severity. The average CVSS score for Cross-site Scripting (XSS) vulnerabilities is 6.4.
External reference: View CWE-79 on MITRE CWE →
Monitor Cross-site Scripting (XSS) Vulnerabilities
Get alerted when new Cross-site Scripting (XSS) CVEs affect your infrastructure.
Start Monitoring Free