CWE-79: Cross-site Scripting (XSS)
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
Yearly Trend
Top Affected Vendors
All Cross-site Scripting (XSS) CVEs (8,908)
This stored cross-site scripting (XSS) vulnerability in the WordPress Debug Log Manager plugin allows attackers to inject malicious scripts that execu...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into Web2application WordPress plugin pages, which execute in victims' browsers when t...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the License For Envato WordPress plugin. When users visit ...
Apr 17, 2025This reflected cross-site scripting (XSS) vulnerability in the WordPress Coming Soon Countdown plugin allows attackers to inject malicious scripts int...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Hamburger Icon Menu Lite WordPress plugin. When users ...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by Raptive Ads WordPress plugin. When users visit specially c...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the WP-Hijri WordPress plugin, which are then executed in ...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into WP Easy Poll WordPress plugin pages, which execute in victims' browsers when they...
Apr 17, 2025This reflected cross-site scripting (XSS) vulnerability in the Arconix FAQ WordPress plugin allows attackers to inject malicious scripts into web page...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through the Deliver via Shipos for WooCommerce Wo...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Feedify WordPress plugin. When users visit a specially...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through improper input sanitization in the Licens...
Apr 17, 2025This stored cross-site scripting (XSS) vulnerability in the T&P Gallery Slider WordPress plugin allows attackers to inject malicious scripts into web ...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the iONE360 configurator WordPress plugin. When users visi...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through the Make Email Customizer for WooCommerce...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Nomupay Payment Processing Gateway plugin for WordPres...
Apr 17, 2025This is a reflected cross-site scripting (XSS) vulnerability in the Terminal Africa WordPress plugin that allows attackers to inject malicious scripts...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the WordPress Health and Server Condition plugin. When use...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Silvasoft boekhouden WordPress plugin. When users visi...
Apr 17, 2025This reflected cross-site scripting (XSS) vulnerability in the Event Espresso WordPress plugin allows attackers to inject malicious scripts via crafte...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through the WooCommerce HTML5 Video plugin. It af...
Apr 17, 2025This reflected cross-site scripting (XSS) vulnerability in the WordPress Rebuild Permalinks plugin allows attackers to inject malicious scripts into w...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Activity Reactions For Buddypress WordPress plugin. Wh...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the User List WordPress plugin. When a user visits a speci...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the 17TRACK for WooCommerce plugin. When users visit speci...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Fontsampler WordPress plugin, which are then executed ...
Apr 17, 2025This CVE describes a reflected cross-site scripting (XSS) vulnerability in the Shipmozo Courier Tracking WordPress plugin. Attackers can inject malici...
Apr 17, 2025This stored cross-site scripting (XSS) vulnerability in the Flickr Slideshow Wrapper WordPress plugin allows attackers to inject malicious scripts int...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Google Maps GPX Viewer WordPress plugin. When users vi...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Flagged Content WordPress plugin. When users visit a s...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the File Icons WordPress plugin. When a user visits a spec...
Apr 17, 2025This CVE describes a reflected cross-site scripting (XSS) vulnerability in the uxgallery WordPress Photo Gallery plugin. Attackers can inject maliciou...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Classified Listing WordPress plugin. When users visit ...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Beacon Lead Magnets and Lead Capture WordPress plugin....
Apr 17, 2025This reflected cross-site scripting (XSS) vulnerability in the Eazy Under Construction WordPress plugin allows attackers to inject malicious scripts i...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the PickPlugins Wishlist WordPress plugin. When users visi...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through improper input sanitization in the Shipme...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Arconix Shortcodes WordPress plugin. When users visit ...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the DeBounce Email Validator WordPress plugin. When users ...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users via the Shipping with Venipak for WooCommerce plu...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Author Showcase WordPress plugin. When users visit a s...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by TotalContest Lite WordPress plugin. When users visit speci...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Custom Users Order WordPress plugin. When users visit ...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into the CRUDLab Scroll to Top WordPress plugin, which are then reflected back to user...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into vooPlayer v4 WordPress plugin pages, which execute in victims' browsers when they...
Apr 17, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Stylish Google Sheet Reader WordPress plugin. When use...
Apr 17, 2025This is a reflected cross-site scripting (XSS) vulnerability in the Tourmaster WordPress plugin that allows attackers to inject malicious scripts into...
Apr 15, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the SEO Tools WordPress plugin. When users visit a special...
Apr 15, 2025This vulnerability allows attackers to inject malicious scripts into web pages through the Advanced Custom Fields: Link Picker Field WordPress plugin....
Apr 15, 2025This CVE describes a reflected cross-site scripting (XSS) vulnerability in the Global Gallery WordPress plugin. Attackers can inject malicious scripts...
Apr 15, 2025About Cross-site Scripting (XSS) (CWE-79)
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
Our database tracks 8,908 CVEs classified as CWE-79, with 279 rated critical and 2,388 rated high severity. The average CVSS score for Cross-site Scripting (XSS) vulnerabilities is 6.4.
External reference: View CWE-79 on MITRE CWE →
Monitor Cross-site Scripting (XSS) Vulnerabilities
Get alerted when new Cross-site Scripting (XSS) CVEs affect your infrastructure.
Start Monitoring Free