CWE-79: Cross-site Scripting (XSS)
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
Yearly Trend
Top Affected Vendors
All Cross-site Scripting (XSS) CVEs (8,876)
This Cross-Site Scripting (XSS) vulnerability in the Epic Review WordPress plugin allows attackers to inject malicious scripts into web pages viewed b...
Nov 6, 2025This vulnerability allows attackers to cause denial of service or memory corruption by tricking users into opening malicious media files. It affects m...
Nov 4, 2025This vulnerability allows cross-site scripting (XSS) attacks in SailPoint IdentityIQ when web services return non-HTML content with an incorrect HTML ...
Nov 3, 2025This Cross-Site Scripting (XSS) vulnerability in the Infomaniak VOD WordPress plugin allows attackers to inject malicious scripts into web pages. When...
Oct 22, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the WC Return products WordPress plugin. When users visit ...
Oct 22, 2025This Cross-site Scripting (XSS) vulnerability in the WordPress Pets plugin allows attackers to inject malicious scripts into web pages viewed by other...
Oct 22, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the oik-privacy-policy WordPress plugin. When users visit ...
Oct 22, 2025This reflected cross-site scripting (XSS) vulnerability in the bbPress Notify WordPress plugin allows attackers to inject malicious scripts into web p...
Oct 22, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Simple Stripe Checkout WordPress plugin. When users vi...
Oct 22, 2025This Cross-site Scripting (XSS) vulnerability in the Finale Lite WordPress plugin allows attackers to inject malicious scripts into web pages viewed b...
Oct 22, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the WP Smart Flexslider WordPress plugin. When users visit...
Oct 22, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Email Attachment by Order Status & Products WordPress ...
Oct 22, 2025This vulnerability allows attackers to inject malicious scripts into web pages through the Robokassa payment gateway for WooCommerce. When exploited, ...
Oct 22, 2025This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through improper input sanitization in the bbPres...
Oct 22, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the WP Super Edit WordPress plugin. When users visit pages...
Oct 22, 2025This Cross-Site Scripting (XSS) vulnerability in the gAppointments WordPress plugin allows attackers to inject malicious scripts into web pages viewed...
Oct 22, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the ShareBang WordPress plugin. When users visit pages con...
Oct 22, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the WPCode Content Ratio WordPress plugin, which are then ...
Oct 22, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Shortcode Generator WordPress plugin. When users visit...
Oct 22, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Auto Login After Registration WordPress plugin. When e...
Oct 22, 2025This Cross-site Scripting (XSS) vulnerability in CrocoBlock's JetSearch WordPress plugin allows attackers to inject malicious scripts into web pages. ...
Oct 22, 2025This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through the WooCommerce Vehicle Parts Finder plug...
Oct 22, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the WSAnalytics WordPress plugin. When users visit a speci...
Oct 22, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Somonator Terms Dictionary WordPress plugin. When user...
Oct 22, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the WordPress Fix Multiple Redirects plugin. When users vi...
Oct 22, 2025A reflected cross-site scripting (XSS) vulnerability in the Uncode WordPress theme allows attackers to inject malicious scripts into web pages. When u...
Sep 26, 2025This vulnerability allows attackers to inject malicious scripts into ProfileGrid WordPress plugin pages, which execute in victims' browsers when they ...
Sep 26, 2025This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through improper input sanitization in the VikRes...
Sep 22, 2025This CVE describes a cross-site scripting (XSS) vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP) that allows attackers t...
Sep 21, 2025This cross-site scripting (XSS) vulnerability in Vizly Web Design Real Estate Packages allows attackers to inject malicious scripts into web pages, po...
Sep 19, 2025This stored cross-site scripting (XSS) vulnerability in the KaizenCoders Table of Content WordPress plugin allows attackers to inject malicious script...
Sep 5, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Theme Blvd Widget Areas WordPress plugin. When users v...
Aug 28, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Theme Switcher Reloaded WordPress plugin. When users v...
Aug 28, 2025This reflected cross-site scripting (XSS) vulnerability in the eboekhouden e-Boekhouden.nl WordPress plugin allows attackers to inject malicious scrip...
Aug 28, 2025This is a reflected cross-site scripting (XSS) vulnerability in the Houzez WordPress theme that allows attackers to inject malicious scripts into web ...
Aug 28, 2025The WP Talroo WordPress plugin through version 2.4 contains a reflected cross-site scripting (XSS) vulnerability. It allows attackers to inject malici...
Aug 22, 2025This Cross-Site Scripting (XSS) vulnerability in the Druco WordPress theme allows attackers to inject malicious scripts into web pages viewed by other...
Aug 20, 2025This is a reflected cross-site scripting (XSS) vulnerability in the oik WordPress plugin that allows attackers to inject malicious scripts into web pa...
Aug 20, 2025This is a reflected cross-site scripting (XSS) vulnerability in the CreativeMedia Elite Video Player WordPress plugin. Attackers can inject malicious ...
Aug 20, 2025This is a reflected cross-site scripting (XSS) vulnerability in the Schiocco Support Board WordPress plugin that allows attackers to inject malicious ...
Aug 20, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Universal Video Player - Addon for WPBakery Page Build...
Aug 20, 2025This reflected cross-site scripting (XSS) vulnerability in the LambertGroup HTML5 Radio Player WPBakery Page Builder Addon allows attackers to inject ...
Aug 20, 2025This reflected cross-site scripting (XSS) vulnerability in the LambertGroup Universal Video Player - Addon for WPBakery Page Builder WordPress plugin ...
Aug 20, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Simple Link Directory WordPress plugin. When users vis...
Aug 20, 2025This CVE describes a reflected cross-site scripting (XSS) vulnerability in the LambertGroup SHOUT WordPress plugin. Attackers can inject malicious scr...
Aug 20, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the LambertGroup Multimedia Playlist Slider Addon for WPBa...
Aug 20, 2025This reflected cross-site scripting (XSS) vulnerability in the CM Map Locations WordPress plugin allows attackers to inject malicious scripts into web...
Aug 20, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the WP Pipes WordPress plugin, which are then executed in ...
Aug 20, 2025CVE-2025-55291 is a reflected Cross-Site Scripting (XSS) vulnerability in Shaarli bookmark manager where improper input sanitization on the cloud tag ...
Aug 18, 2025This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through improper input sanitization in the Primer...
Aug 14, 2025About Cross-site Scripting (XSS) (CWE-79)
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
Our database tracks 8,876 CVEs classified as CWE-79, with 277 rated critical and 2,382 rated high severity. The average CVSS score for Cross-site Scripting (XSS) vulnerabilities is 6.4.
External reference: View CWE-79 on MITRE CWE →
Monitor Cross-site Scripting (XSS) Vulnerabilities
Get alerted when new Cross-site Scripting (XSS) CVEs affect your infrastructure.
Start Monitoring Free