CWE-79: Cross-site Scripting (XSS)
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
Yearly Trend
Top Affected Vendors
All Cross-site Scripting (XSS) CVEs (8,879)
This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through improper input sanitization in the Primer...
Aug 14, 2025This Cross-Site Scripting (XSS) vulnerability in the CaptionPix WordPress plugin allows attackers to inject malicious scripts into web pages viewed by...
Aug 14, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the User Language Switch WordPress plugin. When a user vis...
Aug 14, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the WP Voting WordPress plugin. When users visit a special...
Aug 14, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the WP-jScrollPane WordPress plugin. When users visit a sp...
Aug 14, 2025This reflected cross-site scripting (XSS) vulnerability in the Time Sheets WordPress plugin allows attackers to inject malicious scripts into web page...
Aug 14, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Authentication and xmlrpc log writer WordPress plugin....
Aug 14, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Video Blogster Lite WordPress plugin. When users visit...
Aug 14, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Multimedia Playlist Slider Addon for WPBakery Page Bui...
Aug 14, 2025This reflected cross-site scripting (XSS) vulnerability in the Alike WordPress plugin allows attackers to inject malicious scripts into web pages view...
Aug 14, 2025This Cross-Site Scripting (XSS) vulnerability in ZoomIt WooCommerce Shop Page Builder allows attackers to inject malicious scripts into web pages view...
Aug 14, 2025Agorum core open versions 11.9.2 and 11.10.1 contain a reflected cross-site scripting (XSS) vulnerability that allows attackers to inject malicious sc...
Jul 18, 2025This is a reflected cross-site scripting (XSS) vulnerability in the Tennis Court Bookings WordPress plugin. Attackers can inject malicious scripts via...
Jul 16, 2025This CVE describes a reflected cross-site scripting (XSS) vulnerability in the WordPress plugin 'Dot html,php,xml etc pages'. Attackers can inject mal...
Jul 16, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Contact Form 7 Editor Button WordPress plugin. When us...
Jul 16, 2025This reflected cross-site scripting (XSS) vulnerability in the CSS3 Compare Pricing Tables for WordPress plugin allows attackers to inject malicious s...
Jul 16, 2025This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through improper input sanitization in the Infili...
Jul 16, 2025This reflected cross-site scripting (XSS) vulnerability in the Halpes WordPress theme allows attackers to inject malicious scripts into web pages view...
Jul 7, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by WP-Recall, a WordPress plugin. When users visit a speciall...
Jul 4, 2025This reflected cross-site scripting (XSS) vulnerability in the Beautiful Cookie Consent Banner WordPress plugin allows attackers to inject malicious s...
Jul 4, 2025This DOM-based cross-site scripting vulnerability in the Team Showcase WordPress plugin allows attackers to inject malicious scripts into web pages vi...
Jul 4, 2025This reflected cross-site scripting (XSS) vulnerability in the Pressroom - News Magazine WordPress theme allows attackers to inject malicious scripts ...
Jul 4, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the SB Breadcrumbs WordPress plugin. When users visit a sp...
Jul 4, 2025This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through improper input sanitization in the Homey ...
Jul 4, 2025This Cross-Site Scripting (XSS) vulnerability in the xili-dictionary WordPress plugin allows attackers to inject malicious scripts into web pages view...
Jun 27, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Flexo Counter WordPress plugin. When users visit a spe...
Jun 27, 2025This reflected cross-site scripting (XSS) vulnerability in FormLift for Infusionsoft Web Forms allows attackers to inject malicious scripts into web p...
Jun 27, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Eventin WordPress plugin. When users visit a specially...
Jun 27, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Bulk YouTube Post Creator WordPress plugin. When users...
Jun 27, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Smart Notification WordPress plugin. When users visit ...
Jun 27, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the HYDRO WordPress theme, which are then executed in vict...
Jun 27, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Evangelische Termine WordPress plugin. When users visi...
Jun 27, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Photo Express for Google WordPress plugin. When users ...
Jun 27, 2025This cross-site scripting (XSS) vulnerability in c3crm's login page allows attackers to inject malicious scripts that execute in users' browsers when ...
Jun 25, 2025This reflected cross-site scripting (XSS) vulnerability in the Echo RSS Feed Post Generator WordPress plugin allows attackers to inject malicious scri...
Jun 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Nasa Core WordPress plugin, which are then executed in...
Jun 17, 2025This Cross-Site Scripting (XSS) vulnerability in Drupal's Lightgallery module allows attackers to inject malicious scripts into web pages. When exploi...
Jun 11, 2025SolarWinds Observability Self-Hosted has a cross-site scripting (XSS) vulnerability in an unsanitized URL field. This allows authenticated administrat...
Jun 10, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the SalesUp! contact form WordPress plugin. When users vis...
Jun 9, 2025This reflected cross-site scripting (XSS) vulnerability in the MC Woocommerce Wishlist WordPress plugin allows attackers to inject malicious scripts i...
Jun 9, 2025This is a reflected cross-site scripting (XSS) vulnerability in the Spare WordPress theme that allows attackers to inject malicious scripts into web p...
Jun 9, 2025This reflected cross-site scripting (XSS) vulnerability in the LambertGroup Revolution Video Player WordPress plugin allows attackers to inject malici...
Jun 9, 2025This vulnerability allows HTML injection in Discourse email invitations when topic titles contain HTML. Attackers can inject malicious HTML into email...
Jun 9, 2025This reflected cross-site scripting (XSS) vulnerability in the Real Time Validation for Gravity Forms WordPress plugin allows attackers to inject mali...
Jun 6, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the User Meta WordPress plugin. When users visit a special...
May 23, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Section Widget WordPress plugin. When users visit a sp...
May 23, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Category Widget WordPress plugin. When users visit a s...
May 23, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the My Custom Widgets WordPress plugin. When users visit a...
May 23, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the EC Authorize.net WordPress plugin, which are then exec...
May 23, 2025This is a reflected cross-site scripting (XSS) vulnerability in the Document Management System WordPress plugin. Attackers can inject malicious script...
May 23, 2025About Cross-site Scripting (XSS) (CWE-79)
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
Our database tracks 8,879 CVEs classified as CWE-79, with 278 rated critical and 2,382 rated high severity. The average CVSS score for Cross-site Scripting (XSS) vulnerabilities is 6.4.
External reference: View CWE-79 on MITRE CWE →
Monitor Cross-site Scripting (XSS) Vulnerabilities
Get alerted when new Cross-site Scripting (XSS) CVEs affect your infrastructure.
Start Monitoring Free