Login Sign Up

CWE-79: Cross-site Scripting (XSS)

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.

8,912
Total CVEs
279
Critical
2,390
High
6.4
Avg CVSS
1
In CISA KEV

Yearly Trend

2026
976
2025
4,799
2024
2,396
2023
455
2022
70

Top Affected Vendors

1 Adobe 349
2 Ibm 78
3 Liferay 65
4 Microsoft 60
5 Nagios 45
6 Phpgurukul 44
7 Gitlab 40
8 Wegia 39
9 Cisco 38
10 Esri 34

All Cross-site Scripting (XSS) CVEs (8,912)

CVE-2025-30840
7.1

This vulnerability allows attackers to inject malicious scripts into web pages generated by the xili-dictionary WordPress plugin. When users visit a s...

Apr 1, 2025
CVE-2025-30794
7.1

This reflected cross-site scripting (XSS) vulnerability in The Events Calendar Event Tickets WordPress plugin allows attackers to inject malicious scr...

Apr 1, 2025
CVE-2025-30614
7.1

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Google Font Fix WordPress plugin. When users visit pag...

Apr 1, 2025
CVE-2025-30559
7.1

This stored cross-site scripting (XSS) vulnerability in the Kento WordPress Stats plugin allows attackers to inject malicious scripts into web pages. ...

Apr 1, 2025
CVE-2025-30579
7.1

This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through the Pesapal Gateway for WooCommerce WordP...

Apr 1, 2025
CVE-2025-30607
7.1

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Quick Localization WordPress plugin. When users visit ...

Apr 1, 2025
CVE-2025-30520
7.1

A reflected cross-site scripting (XSS) vulnerability in the Breezing Forms WordPress plugin allows attackers to inject malicious scripts into web page...

Apr 1, 2025
CVE-2025-30547
7.1

This vulnerability allows attackers to inject malicious scripts into web pages generated by the WP Cards WordPress plugin. When users visit a speciall...

Apr 1, 2025
CVE-2025-31625
7.1

This stored cross-site scripting (XSS) vulnerability in the Useinfluence WordPress plugin allows attackers to inject malicious scripts into web pages ...

Mar 31, 2025
CVE-2025-31615
7.1

This stored cross-site scripting (XSS) vulnerability in the Simple Contact Forms WordPress plugin allows attackers to inject malicious scripts into we...

Mar 31, 2025
CVE-2025-23995
7.1

This reflected cross-site scripting (XSS) vulnerability in the Tantyyellow WordPress theme allows attackers to inject malicious scripts into web pages...

Mar 31, 2025
CVE-2025-22566
7.1

This is a reflected cross-site scripting (XSS) vulnerability in the ULTIMATE VIDEO GALLERY WordPress plugin. Attackers can inject malicious scripts vi...

Mar 28, 2025
CVE-2025-22575
7.1

This reflected cross-site scripting (XSS) vulnerability in the SUPER RESPONSIVE SLIDER WordPress plugin allows attackers to inject malicious scripts i...

Mar 28, 2025
CVE-2025-22767
7.1

This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through the GlobalPayments WooCommerce plugin. It...

Mar 28, 2025
CVE-2025-22356
7.1

This reflected cross-site scripting (XSS) vulnerability in the Stencies WordPress plugin allows attackers to inject malicious scripts into web pages v...

Mar 28, 2025
CVE-2025-22360
7.1

This vulnerability allows attackers to inject malicious scripts into web pages generated by the WP Azure offload WordPress plugin, which are then exec...

Mar 28, 2025
CVE-2024-51624
7.1

This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through improper input sanitization in the Já-J�...

Mar 28, 2025
CVE-2025-31102
7.1

This vulnerability allows attackers to inject malicious scripts into Bob Hostel WordPress plugin pages, which execute in victims' browsers when they v...

Mar 28, 2025
CVE-2025-22628
7.1

This stored cross-site scripting (XSS) vulnerability in the Foliovision Filled In WordPress plugin allows attackers to inject malicious scripts into w...

Mar 27, 2025
CVE-2025-28924
7.1

This reflected cross-site scripting (XSS) vulnerability in the ZenphotoPress WordPress plugin allows attackers to inject malicious scripts into web pa...

Mar 26, 2025
CVE-2025-28928
7.1

This vulnerability allows attackers to inject malicious scripts into web pages generated by the 'Are you robot google recaptcha for wordpress' plugin....

Mar 26, 2025
CVE-2025-28934
7.1

This reflected cross-site scripting (XSS) vulnerability in the WordPress Simple Post Series plugin allows attackers to inject malicious scripts into w...

Mar 26, 2025
CVE-2025-28935
7.1

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Fancybox Plus WordPress plugin, which are then execute...

Mar 26, 2025
CVE-2025-28899
7.1

This vulnerability allows attackers to inject malicious scripts into web pages generated by the WP Event Ticketing WordPress plugin. When users visit ...

Mar 26, 2025
CVE-2025-28903
7.1

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Driving Directions WordPress plugin. When users visit ...

Mar 26, 2025
CVE-2025-28911
7.1

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Gravity 2 PDF WordPress plugin. When users visit speci...

Mar 26, 2025
CVE-2025-28921
7.1

This reflected cross-site scripting (XSS) vulnerability in the SpatialMatch IDX WordPress plugin allows attackers to inject malicious scripts into web...

Mar 26, 2025
CVE-2025-28880
7.1

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Blue Captcha WordPress plugin. When users visit a spec...

Mar 26, 2025
CVE-2025-28882
7.1

This vulnerability allows attackers to inject malicious scripts into Omnify WordPress plugin pages through unvalidated input. When users visit a speci...

Mar 26, 2025
CVE-2025-28889
7.1

This reflected cross-site scripting (XSS) vulnerability in the Custom Product Stickers for Woocommerce WordPress plugin allows attackers to inject mal...

Mar 26, 2025
CVE-2025-28890
7.1

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Lightview Plus WordPress plugin, which are then execut...

Mar 26, 2025
CVE-2025-28855
7.1

This is a reflected cross-site scripting (XSS) vulnerability in the Teleport WordPress plugin that allows attackers to inject malicious scripts into w...

Mar 26, 2025
CVE-2025-28858
7.1

This is a reflected cross-site scripting (XSS) vulnerability in the Arrow Maps WordPress plugin that allows attackers to inject malicious scripts into...

Mar 26, 2025
CVE-2025-28865
7.1

This vulnerability allows attackers to inject malicious scripts into web pages generated by the WP Colorful Tag Cloud WordPress plugin. When users vis...

Mar 26, 2025
CVE-2025-28869
7.1

This vulnerability allows attackers to inject malicious scripts into web pages generated by the NextGEN Gallery Voting WordPress plugin. When users vi...

Mar 26, 2025
CVE-2025-28877
7.1

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Key4ce osTicket Bridge WordPress plugin. When users vi...

Mar 26, 2025
CVE-2025-27014
7.1

This is a reflected cross-site scripting (XSS) vulnerability in the Hostiko WordPress theme that allows attackers to inject malicious scripts into web...

Mar 26, 2025
CVE-2025-27267
7.1

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Random Quotes WordPress plugin. When users visit a spe...

Mar 26, 2025
CVE-2025-26584
7.1

This reflected cross-site scripting (XSS) vulnerability in the TBTestimonials WordPress plugin allows attackers to inject malicious scripts into web p...

Mar 26, 2025
CVE-2025-26573
7.1

This Cross-Site Scripting (XSS) vulnerability in the Rizzi Guestbook WordPress plugin allows attackers to inject malicious scripts into web pages view...

Mar 26, 2025
CVE-2025-26575
7.1

This Cross-Site Scripting (XSS) vulnerability in the WordPress Display Post Meta plugin allows attackers to inject malicious scripts into web pages vi...

Mar 26, 2025
CVE-2025-26576
7.1

This vulnerability allows attackers to inject malicious scripts into web pages generated by the WP Simple Slideshow WordPress plugin. When users visit...

Mar 26, 2025
CVE-2025-26579
7.1

This vulnerability allows attackers to inject malicious scripts into web pages generated by the MicroPayments WordPress plugin, which are then execute...

Mar 26, 2025
CVE-2025-26581
7.1

This vulnerability allows attackers to inject malicious scripts into Picture Gallery WordPress plugin pages, which execute in victims' browsers when t...

Mar 26, 2025
CVE-2025-26583
7.1

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Video Share VOD WordPress plugin. When users visit a s...

Mar 26, 2025
CVE-2025-26546
7.1

This is a reflected cross-site scripting (XSS) vulnerability in the WordPress Cookies Pro plugin that allows attackers to inject malicious scripts int...

Mar 26, 2025
CVE-2025-26560
7.1

This vulnerability allows attackers to inject malicious scripts into web pages generated by the WP Contact Form III WordPress plugin, which are then e...

Mar 26, 2025
CVE-2025-26564
7.1

This reflected cross-site scripting (XSS) vulnerability in GNUCommerce allows attackers to inject malicious scripts into web pages viewed by users. At...

Mar 26, 2025
CVE-2025-26565
7.1

This reflected cross-site scripting (XSS) vulnerability in the GNUPress WordPress plugin allows attackers to inject malicious scripts into web pages v...

Mar 26, 2025
CVE-2025-26566
7.1

This vulnerability allows attackers to inject malicious scripts into web pages generated by the In Stock Mailer for WooCommerce WordPress plugin. When...

Mar 26, 2025

About Cross-site Scripting (XSS) (CWE-79)

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.

Our database tracks 8,912 CVEs classified as CWE-79, with 279 rated critical and 2,390 rated high severity. The average CVSS score for Cross-site Scripting (XSS) vulnerabilities is 6.4.

External reference: View CWE-79 on MITRE CWE →

Monitor Cross-site Scripting (XSS) Vulnerabilities

Get alerted when new Cross-site Scripting (XSS) CVEs affect your infrastructure.

Start Monitoring Free