CWE-79: Cross-site Scripting (XSS)
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
Yearly Trend
Top Affected Vendors
All Cross-site Scripting (XSS) CVEs (8,910)
This vulnerability allows attackers to inject malicious scripts into web pages through the Advanced Custom Fields: Link Picker Field WordPress plugin....
Apr 15, 2025This CVE describes a reflected cross-site scripting (XSS) vulnerability in the Global Gallery WordPress plugin. Attackers can inject malicious scripts...
Apr 15, 2025This reflected cross-site scripting (XSS) vulnerability in the Landing Page Cat WordPress plugin allows attackers to inject malicious scripts into web...
Apr 15, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the ZooEffect WordPress plugin, which are then executed in...
Apr 15, 2025This reflected cross-site scripting (XSS) vulnerability in the Tournamatch WordPress plugin allows attackers to inject malicious scripts into web page...
Apr 11, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by WP Table Builder, which are then executed in victims' brow...
Apr 11, 2025This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through improper input sanitization in the Connec...
Apr 11, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Easy Post Duplicator WordPress plugin. When a user vis...
Apr 11, 2025This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through the WooCommerce Sales MIS Report WordPres...
Apr 11, 2025This reflected cross-site scripting (XSS) vulnerability in the HTML5 Video Player with Playlist WordPress plugin allows attackers to inject malicious ...
Apr 11, 2025This reflected cross-site scripting (XSS) vulnerability in the WooCommerce Payphone Gateway plugin allows attackers to inject malicious scripts into w...
Apr 11, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Interactive Geo Maps WordPress plugin. When users visi...
Apr 11, 2025This reflected cross-site scripting (XSS) vulnerability in the SCAND MultiMailer WordPress plugin allows attackers to inject malicious scripts into we...
Apr 11, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Oppso Unit Converter WordPress plugin. When users visi...
Apr 11, 2025This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through the Mobile Smart WordPress plugin. When e...
Apr 11, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Vice Versa WordPress plugin, which are then executed i...
Apr 10, 2025This CVE describes a reflected cross-site scripting (XSS) vulnerability in the 5sterrenspecialist WordPress plugin. Attackers can inject malicious scr...
Apr 10, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Studi7 QR Master WordPress plugin. When users visit sp...
Apr 10, 2025The Feedify WordPress plugin before version 2.4.6 contains a reflected cross-site scripting (XSS) vulnerability where unsanitized user input is reflec...
Apr 10, 2025This stored cross-site scripting (XSS) vulnerability in the WordPress Spam Blocker plugin allows attackers to inject malicious scripts into web pages ...
Apr 9, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Canonical Attachments WordPress plugin. When users vis...
Apr 9, 2025This stored cross-site scripting (XSS) vulnerability in the WordPress More Mime Type Filters plugin allows attackers to inject malicious scripts that ...
Apr 9, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Widgetize Pages Light WordPress plugin. When a user vi...
Apr 8, 2025This reflected cross-site scripting (XSS) vulnerability in the Awesome Event Booking WordPress plugin allows attackers to inject malicious scripts int...
Apr 4, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Lexicata WordPress plugin. When users visit a speciall...
Apr 3, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Social Share And Social Locker WordPress plugin. When ...
Apr 3, 2025This is a reflected cross-site scripting (XSS) vulnerability in the Team Rosters WordPress plugin that allows attackers to inject malicious scripts in...
Apr 3, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the MediaView WordPress plugin, which are then executed in...
Apr 3, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Support Helpdesk Ticket System Lite WordPress plugin. ...
Apr 3, 2025This stored cross-site scripting (XSS) vulnerability in the PeproDev CF7 Database WordPress plugin allows attackers to inject malicious scripts into w...
Apr 3, 2025This stored cross-site scripting (XSS) vulnerability in the Contact Form vCard Generator WordPress plugin allows attackers to inject malicious scripts...
Apr 3, 2025This vulnerability allows attackers to inject malicious scripts into web pages through the Search engine keywords highlighter WordPress plugin. When u...
Apr 3, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the WP_Identicon WordPress plugin, which are then executed...
Apr 3, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Wptobe-signinup WordPress plugin. When users visit spe...
Apr 3, 2025This vulnerability allows attackers to inject malicious scripts into Snow Storm WordPress plugin pages, which execute in victims' browsers when they v...
Apr 3, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Auto scroll for reading WordPress plugin. When users v...
Apr 1, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by The Logo Slider WordPress plugin. When users visit a speci...
Apr 1, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Bulk NoIndex & NoFollow Toolkit WordPress plugin. When...
Apr 1, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Delete Post Revision WordPress plugin. When users visi...
Apr 1, 2025This reflected cross-site scripting (XSS) vulnerability in the NanoSupport WordPress plugin allows attackers to inject malicious scripts into web page...
Apr 1, 2025This vulnerability allows attackers to inject malicious scripts into WP Bookmarks WordPress plugin pages, which execute in victims' browsers when they...
Apr 1, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Pages Order WordPress plugin. When users visit special...
Apr 1, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Getnet para WooCommerce plugin. When users visit a spe...
Apr 1, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Small Package Quotes – Worldwide Express Edition Wor...
Apr 1, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Enable Media Replace WordPress plugin. When users visi...
Apr 1, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the xili-language WordPress plugin. When users visit a spe...
Apr 1, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Oracle Cards Lite WordPress plugin. When users visit s...
Apr 1, 2025This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through improper input sanitization in the Primer...
Apr 1, 2025This reflected cross-site scripting (XSS) vulnerability in the ATL Software SRL AEC Kiosque WordPress plugin allows attackers to inject malicious scri...
Apr 1, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the About Author WordPress plugin. When users visit a spec...
Apr 1, 2025About Cross-site Scripting (XSS) (CWE-79)
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
Our database tracks 8,910 CVEs classified as CWE-79, with 279 rated critical and 2,390 rated high severity. The average CVSS score for Cross-site Scripting (XSS) vulnerabilities is 6.4.
External reference: View CWE-79 on MITRE CWE →
Monitor Cross-site Scripting (XSS) Vulnerabilities
Get alerted when new Cross-site Scripting (XSS) CVEs affect your infrastructure.
Start Monitoring Free