CWE-79: Cross-site Scripting (XSS)
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
All Cross-site Scripting (XSS) CVEs (8,870)
This stored cross-site scripting (XSS) vulnerability in the Codisto Omnichannel for WooCommerce plugin allows attackers to inject malicious scripts in... (Jan 22, 2026)
This vulnerability allows attackers to inject malicious scripts into web pages generated by the WP Mail plugin, which are then executed in victims' br... (Jan 22, 2026)
This vulnerability allows attackers to inject malicious scripts into web pages generated by the Netgsm WordPress plugin. When users visit specially cr... (Jan 22, 2026)
This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through improper input sanitization in the GLS Sh... (Jan 22, 2026)
This stored cross-site scripting (XSS) vulnerability in the CodeColorer WordPress plugin allows attackers to inject malicious scripts into web pages t... (Jan 22, 2026)
This vulnerability allows attackers to inject malicious scripts into web pages generated by the My Post Order WordPress plugin. When users visit a spe... (Jan 22, 2026)
This is a reflected cross-site scripting (XSS) vulnerability in the WorkScout WordPress theme. Attackers can inject malicious scripts via crafted URLs... (Jan 22, 2026)
This is a reflected cross-site scripting (XSS) vulnerability in the WorkScout-Core WordPress plugin that allows attackers to inject malicious scripts ... (Jan 22, 2026)
This is a reflected cross-site scripting (XSS) vulnerability in the favethemes Homey Core WordPress plugin. Attackers can inject malicious scripts via... (Jan 22, 2026)
This vulnerability allows attackers to inject malicious scripts into web pages generated by the AdForest Elementor WordPress plugin. When users visit ... (Jan 22, 2026)
This Cross-Site Scripting (XSS) vulnerability in the Hostiko WordPress theme allows attackers to inject malicious scripts into web pages viewed by oth... (Jan 22, 2026)
This vulnerability allows attackers to inject malicious scripts into web pages generated by the Grand Tour WordPress theme. When users visit a special... (Jan 22, 2026)
This vulnerability allows attackers to inject malicious scripts into web pages generated by the My auctions allegro WordPress plugin. When users visit... (Jan 22, 2026)
This reflected cross-site scripting (XSS) vulnerability in the CleverSoft Anon WordPress theme allows attackers to inject malicious scripts into web p... (Jan 22, 2026)
This Cross-Site Scripting (XSS) vulnerability in the Crocoblock JetEngine WordPress plugin allows attackers to inject malicious scripts into web pages... (Jan 22, 2026)
This is a reflected cross-site scripting (XSS) vulnerability in the TheNa WordPress theme that allows attackers to inject malicious scripts into web p... (Jan 22, 2026)
This vulnerability allows attackers to inject malicious scripts into Pinpoll WordPress plugin pages, which execute in victims' browsers when they visi... (Jan 8, 2026)
This vulnerability allows attackers to inject malicious scripts into WordPress sites using the WP App Bar plugin. When users click specially crafted l... (Jan 8, 2026)
This vulnerability allows attackers to inject malicious scripts into web pages generated by the PRIMER by chloédigital WordPress plugin. When users v... (Jan 8, 2026)
This vulnerability allows attackers to inject malicious scripts into web pages generated by the Visitor Stats Widget WordPress plugin. When users visi... (Jan 8, 2026)
This vulnerability allows attackers to inject malicious scripts into web pages generated by the WP-BusinessDirectory WordPress plugin. When users visi... (Jan 8, 2026)
This vulnerability allows attackers to inject malicious scripts into web pages generated by WidgetKit Pro, a WordPress plugin. When users visit a spec... (Jan 7, 2026)
This Cross-Site Scripting (XSS) vulnerability in the Frenify Arlo WordPress theme allows attackers to inject malicious scripts into web pages viewed b... (Jan 7, 2026)
This vulnerability allows attackers to inject malicious scripts into DZS Video Gallery WordPress plugin pages, which execute in victims' browsers when... (Jan 7, 2026)
This reflected cross-site scripting (XSS) vulnerability in the WPCHURCH WordPress plugin allows attackers to inject malicious scripts into web pages v... (Jan 7, 2026)
This CVE describes a reflected cross-site scripting (XSS) vulnerability in two WordPress plugins. Attackers can inject malicious scripts via crafted U... (Jan 6, 2026)
A reflected cross-site scripting (XSS) vulnerability in GT3 themes Photo Gallery WordPress plugin allows attackers to inject malicious scripts into we... (Jan 6, 2026)
This vulnerability allows attackers to inject malicious scripts into web pages generated by the JobBank WordPress plugin, which are then executed in v... (Jan 6, 2026)
This vulnerability allows attackers to inject malicious scripts into web pages generated by the Header Image Slider WordPress plugin. When users visit... (Jan 6, 2026)
This Cross-Site Scripting (XSS) vulnerability in the Easy Social WordPress plugin allows attackers to inject malicious scripts into web pages viewed b... (Dec 31, 2025)
This vulnerability allows attackers to inject malicious scripts into ZoomSounds WordPress plugin pages, which execute in victims' browsers when they v... (Dec 31, 2025)
This is a reflected cross-site scripting (XSS) vulnerability in the Blappsta Mobile App Plugin for WordPress. Attackers can inject malicious scripts v... (Dec 31, 2025)
This is a reflected cross-site scripting (XSS) vulnerability in the Sala WordPress theme that allows attackers to inject malicious scripts into web pa... (Dec 31, 2025)
This reflected cross-site scripting (XSS) vulnerability in the Zielke Design Project Gallery WordPress plugin allows attackers to inject malicious scr... (Dec 31, 2025)
This vulnerability allows attackers to inject malicious scripts into web pages generated by the Matamko En Masse WordPress plugin. When users visit a ... (Dec 31, 2025)
This vulnerability allows attackers to inject malicious scripts into web pages generated by the ZhinaTwitterWidget WordPress plugin. When users visit ... (Dec 31, 2025)
This vulnerability allows attackers to inject malicious scripts into web pages generated by the ZD Scribd iPaper WordPress plugin. When users visit a ... (Dec 31, 2025)
This vulnerability allows attackers to inject malicious scripts into web pages generated by the WordPress Custom Post Edit plugin. When users visit a ... (Dec 31, 2025)
This vulnerability allows attackers to inject malicious scripts into web pages generated by the LIVE TV WordPress plugin. When users visit a specially... (Dec 31, 2025)
This vulnerability allows attackers to inject malicious scripts into web pages generated by the Ads24 Lite WordPress plugin. When users visit a specia... (Dec 30, 2025)
This CVE describes a reflected cross-site scripting (XSS) vulnerability in the Sleekplan WordPress plugin. Attackers can inject malicious scripts via ... (Dec 30, 2025)
This reflected cross-site scripting (XSS) vulnerability in the WordPress Product Puller plugin allows attackers to inject malicious scripts into web p... (Dec 30, 2025)
This reflected cross-site scripting (XSS) vulnerability in the Off Page SEO WordPress plugin allows attackers to inject malicious scripts into web pag... (Dec 30, 2025)
This vulnerability allows attackers to inject malicious scripts into web pages generated by the Advanced Custom CSS WordPress plugin. When users visit... (Dec 29, 2025)
This vulnerability allows attackers to inject malicious scripts into web pages generated by the Content Grid Slider WordPress plugin. When a user visi... (Dec 29, 2025)
This reflected cross-site scripting (XSS) vulnerability in the Invelity SPS Connect WordPress plugin allows attackers to inject malicious scripts into... (Dec 29, 2025)
This reflected cross-site scripting (XSS) vulnerability in the BoldGrid Sprout Clients WordPress plugin allows attackers to inject malicious scripts i... (Dec 18, 2025)
This vulnerability allows attackers to inject malicious scripts into web pages generated by the Bob Hostel WordPress plugin. When users visit a specia... (Dec 18, 2025)
This DOM-based Cross-Site Scripting (XSS) vulnerability in the Easy Invoice WordPress plugin allows attackers to inject malicious scripts into web pag... (Dec 18, 2025)
This Cross-Site Scripting (XSS) vulnerability in the FolioVision FV Antispam WordPress plugin allows attackers to inject malicious scripts into web pa... (Dec 18, 2025)
About Cross-site Scripting (XSS) (CWE-79)
Our database tracks 8,870 CVEs classified as CWE-79, with 275 rated critical and 2,378 rated high severity. The average CVSS score for Cross-site Scripting (XSS) vulnerabilities is 6.4.
External reference: CWE-79 on MITRE CWE