CWE-79


Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

We have discovered 16,071,221 live websites that are affected by CWE-79.

Contact us to get more info







CVEs

  • Count - 4,241



Website Distribution by Country

Number of websites using CWE-79
United States5,808,701 websites


Germany1,597,750 websites
Japan823,944 websites
France789,305 websites
Russia649,287 websites
GB499,417 websites
Italy487,355 websites
Netherlands434,152 websites
China334,419 websites
Poland304,060 websites

Website Distribution by TLD

Number of websites using CWE-79
.com7,006,865 websites
.de891,029 websites
.org681,096 websites
.ru568,395 websites
.net480,842 websites
.co.uk406,604 websites
.nl401,890 websites
.it390,325 websites
.fr304,549 websites
.com.br266,336 websites

Newest CVEs

List of the most recent CVEs that are part of CWE-79
DiscoveredCVEDescriptionWebsites
Jul, 2025CVE-2024-9343 In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in th...2
Jul, 2025CVE-2024-10029 In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting attacks in...2
Jul, 2025CVE-2024-10032 In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in th...2
Jul, 2025CVE-2025-2799 WP Event Manager <= 3.1.49 - Authenticated (Administrator+) Stored Cross-Site Scripting7,309
Jul, 2025CVE-2025-2800 WP Event Manager <= 3.1.50 - Unauthenticated Stored Cross-Site Scripting via 'organizer_name'8,091
Jul, 2025CVE-2025-5284 Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations <= 2.0.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting5,077
Jul, 2025CVE-2025-5845 Affiliate Reviews <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via numColumns Parameter42
Jul, 2025CVE-2025-6747 Avada (Fusion) Builder <= 3.12.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode82,152
Jul, 2025CVE-2025-6977 ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.4 - Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function1,108
Jul, 2025CVE-2025-7035 Media Library Assistant <= 3.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via mla_tag_cloud and mla_term_list Shortcodes73

The most widespread CVEs

List of the most common CVEs that are part of CWE-79
DiscoveredCVEDescriptionWebsites
Apr, 2020CVE-2020-11023 Potential XSS vulnerability in jQuery8,178,603
Apr, 2020CVE-2020-11022 Potential XSS vulnerability in jQuery8,170,708
Jan, 2022CVE-2022-21662 Stored XSS in WordPress1,693,783
Jul, 2022CVE-2022-31160 jQuery UI contains potential XSS vulnerability when refreshing a checkboxradio with an HTML-like initial text label1,563,913
Jun, 2025CVE-2025-4965 WPBakery Page Builder <= 8.4.1 - Authenticated (Author+) Stored Cross-Site Scripting via Grid Builder1,465,463
Oct, 2021CVE-2021-41182 XSS in the `altField` option of the Datepicker widget1,434,846
Oct, 2021CVE-2021-41183 XSS in `*Text` options of the Datepicker widget1,434,846
Oct, 2021CVE-2021-41184 XSS in the `of` option of the `.position()` util1,434,846
Oct, 2024CVE-2024-8107 Slider Revolution <= 6.7.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload1,310,749
Jul, 2024CVE-2024-37449 WordPress Slider Revolution plugin <= 6.7.13 - Cross Site Scripting (XSS) vulnerability1,231,867

Websites affected by CWE-79

Top websites that are affected by CWE-79. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*********.org United States*
**********.***********.com United States**
********.****.br Brazil**
*********.com United States**
*******.com Singapore***
*********.com United States***
***********.com United States***
******.com United States***
***************.org United States***
******.net United States***
See full domain list