CWE-79: Cross-site Scripting (XSS)
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
Yearly Trend
Top Affected Vendors
All Cross-site Scripting (XSS) CVEs (8,902)
This vulnerability allows attackers to inject malicious scripts into web pages generated by the EC Authorize.net WordPress plugin, which are then exec...
May 23, 2025This is a reflected cross-site scripting (XSS) vulnerability in the Document Management System WordPress plugin. Attackers can inject malicious script...
May 23, 2025This reflected cross-site scripting (XSS) vulnerability in the Tayori Form WordPress plugin allows attackers to inject malicious scripts into web page...
May 23, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Goodlayers Hotel WordPress plugin. When users visit a ...
May 23, 2025This reflected cross-site scripting (XSS) vulnerability in the Goodlayers Hostel WordPress plugin allows attackers to inject malicious scripts into we...
May 23, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Butcher WordPress theme. When users visit a specially ...
May 23, 2025The Order Delivery Date WordPress plugin before version 12.4.0 contains a reflected cross-site scripting (XSS) vulnerability where unsanitized user in...
May 20, 2025This CVE describes a reflected cross-site scripting (XSS) vulnerability in the mojoomla Hospital Management System WordPress plugin. Attackers can inj...
May 19, 2025This reflected cross-site scripting (XSS) vulnerability in the WordPress Events Calendar Registration & Tickets plugin allows attackers to inject mali...
May 19, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the wProject WordPress theme, which are then executed in v...
May 19, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Tiger WordPress theme, which are then executed in vict...
May 19, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the BP Messages Tool WordPress plugin. When users visit a ...
May 19, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Syndicate Out WordPress plugin, which are then execute...
May 19, 2025This CVE describes a reflected cross-site scripting (XSS) vulnerability in the WordPress Video Robot plugin. Attackers can inject malicious scripts vi...
May 19, 2025This reflected cross-site scripting (XSS) vulnerability in the Wireless Butler WordPress plugin allows attackers to inject malicious scripts into web ...
May 19, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Offset Writing WordPress theme. When users visit a spe...
May 19, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Flashy WordPress theme, which are then executed in vic...
May 19, 2025This vulnerability allows attackers to inject malicious scripts into Tijaji WordPress theme pages through improper input sanitization. When exploited,...
May 19, 2025This vulnerability allows attackers to inject malicious scripts into Ghostwriter WordPress theme pages through improper input sanitization. When users...
May 19, 2025This reflected cross-site scripting (XSS) vulnerability in the My White WordPress theme allows attackers to inject malicious scripts into web pages. W...
May 19, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Polka Dots WordPress theme. When users visit a special...
May 19, 2025This CVE describes a reflected cross-site scripting (XSS) vulnerability in the WordPress plugin 'Dot html,php,xml etc pages'. Attackers can inject mal...
May 16, 2025This vulnerability allows attackers to inject malicious scripts into WordPress admin pages via unsanitized parameters in the Advanced Schedule Posts p...
May 15, 2025This vulnerability allows attackers to inject malicious scripts through query parameters in HCL Domino Volt and Domino Leap applications due to insuff...
Apr 30, 2025This vulnerability in HCL Leap allows attackers to inject malicious scripts through query parameters due to insufficient URI protocol whitelisting. Th...
Apr 24, 2025This vulnerability combines Cross-Site Request Forgery (CSRF) with Cross-Site Scripting (XSS) in the LSD Custom taxonomy and category meta WordPress p...
Apr 24, 2025This stored cross-site scripting (XSS) vulnerability in the PayPal Express Checkout WordPress plugin allows attackers to inject malicious scripts into...
Apr 24, 2025This stored Cross-Site Scripting (XSS) vulnerability in the metaloha Dropdown Content WordPress plugin allows attackers to inject malicious scripts th...
Apr 24, 2025This stored cross-site scripting (XSS) vulnerability in the Novium WoWHead Tooltips WordPress plugin allows attackers to inject malicious scripts into...
Apr 24, 2025This reflected cross-site scripting (XSS) vulnerability in the EverPress BruteGuard WordPress plugin allows attackers to inject malicious scripts into...
Apr 24, 2025This reflected cross-site scripting (XSS) vulnerability in the Control Listings WordPress plugin allows attackers to inject malicious scripts into web...
Apr 24, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Arigato Autoresponder and Newsletter WordPress plugin....
Apr 17, 2025This reflected cross-site scripting (XSS) vulnerability in the Shamalli Web Directory Free WordPress plugin allows attackers to inject malicious scrip...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users in the CRM Perks WordPress plugin. When exploited...
Apr 17, 2025This reflected cross-site scripting (XSS) vulnerability in the AdminQuickbar WordPress plugin allows attackers to inject malicious scripts into web pa...
Apr 17, 2025A reflected cross-site scripting (XSS) vulnerability in the Contact Form vCard Generator WordPress plugin allows attackers to inject malicious scripts...
Apr 17, 2025This stored cross-site scripting (XSS) vulnerability in the WP Twitter Button WordPress plugin allows attackers to inject malicious scripts into web p...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Spark GF Failed Submissions WordPress plugin. When use...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into SERPed.net WordPress plugin pages, which execute in victims' browsers when they v...
Apr 17, 2025This stored cross-site scripting (XSS) vulnerability in the ShopApper WordPress plugin allows attackers to inject malicious scripts into web pages tha...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Question Answer WordPress plugin. When users visit spe...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Mobile Pages WordPress plugin, which are then executed...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into WP-BusinessDirectory WordPress plugin pages, which execute in victims' browsers w...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into AWSA Shipping WordPress plugin pages, which execute in victims' browsers when the...
Apr 17, 2025This reflected cross-site scripting (XSS) vulnerability in the Verowa Connect WordPress plugin allows attackers to inject malicious scripts into web p...
Apr 17, 2025This stored cross-site scripting (XSS) vulnerability in the WordPress Debug Log Manager plugin allows attackers to inject malicious scripts that execu...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into Web2application WordPress plugin pages, which execute in victims' browsers when t...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the License For Envato WordPress plugin. When users visit ...
Apr 17, 2025This reflected cross-site scripting (XSS) vulnerability in the WordPress Coming Soon Countdown plugin allows attackers to inject malicious scripts int...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Hamburger Icon Menu Lite WordPress plugin. When users ...
Apr 17, 2025About Cross-site Scripting (XSS) (CWE-79)
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
Our database tracks 8,902 CVEs classified as CWE-79, with 278 rated critical and 2,384 rated high severity. The average CVSS score for Cross-site Scripting (XSS) vulnerabilities is 6.4.
External reference: View CWE-79 on MITRE CWE →
Monitor Cross-site Scripting (XSS) Vulnerabilities
Get alerted when new Cross-site Scripting (XSS) CVEs affect your infrastructure.
Start Monitoring Free