CWE-79


Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.


We have discovered 4,656,267 live websites that are affected by CWE-79.







Distribution by Website Rank

The correlation between website exposure to CWE-79 and the relative popularity of the website




CVEs

  • Count - 92



Countries

  • United States - 1,217,178 websites
  • Germany - 385,144 websites
  • France - 288,076 websites
  • GB - 241,468 websites
  • Italy - 221,795 websites
  • Netherlands - 171,094 websites
  • Spain - 150,250 websites
  • Japan - 144,294 websites
  • Poland - 141,068 websites
  • Russia - 133,480 websites

TLDs

  • .com - 1,946,536 websites
  • .de - 248,319 websites
  • .org - 187,161 websites
  • .it - 147,204 websites
  • .co.uk - 141,761 websites
  • .nl - 140,165 websites
  • .fr - 119,791 websites
  • .net - 115,476 websites
  • .ru - 106,807 websites
  • .pl - 105,485 websites

Newest CVEs

List of the most recent CVEs that are part of CWE-79

Discovered | CVE | Description | Websites
Feb, 2024 | CVE-2024-1636 | Potential Cross-Site Scripting (XSS) in the page editing area | 1,931
Feb, 2024 | CVE-2024-24831 | WordPress Premium Addons for Elementor Plugin <= 4.10.16 is vulnerable to Cross Site Scripting (XSS) | 40,607
Feb, 2024 | CVE-2024-24871 | WordPress Blocksy Theme <= 2.0.19 is vulnerable to Cross Site Scripting (XSS) | 13,110
Jan, 2024 | CVE-2023-7200 | EventON < 4.4.1 - Reflected Cross-Site Scripting | 13,033
Jan, 2024 | CVE-2023-6046 | EventON < 2.2 - Admin+ Stored HTML Injection | 121
Jan, 2024 | CVE-2023-6005 | EventON (Free < 2.2.7, Premium < 4.5.5) - Admin+ Stored Cross-Site Scripting | 13,983
Jan, 2024 | CVE-2023-5558 | LearnPress < 4.2.5.5 - Reflected Cross-Site Scripting | 3,856
Jan, 2024 | CVE-2024-0233 | EventON (Free < 2.2.8, Premium < 4.5.5) - Reflected XSS | 13,983
Jan, 2024 | CVE-2023-4925 | Easy Forms for Mailchimp <= 6.8.10 - Admin+ Stored Cross-Site Scripting | 3,957
Jan, 2024 | CVE-2023-6000 | Popup Builder < 4.2.3 - Unauthenticated Stored XSS | 690

List of the most common CVEs that are part of CWE-79

Discovered | CVE | Description | Websites
Nov, 2023 | CVE-2023-40680 | WordPress Yoast SEO Plugin <= 21.0 is vulnerable to Cross Site Scripting (XSS) | 2,016,067
Nov, 2023 | CVE-2023-47505 | WordPress Elementor Website Builder Plugin <= 3.16.4 is vulnerable to Cross Site Scripting (XSS) | 947,249
Nov, 2023 | CVE-2023-47777 | WordPress WooCommerce and WooCommerce Blocks plugins - Auth. Cross-Site Scripting (XSS) vulnerability | 784,050
Jan, 2023 | CVE-2022-4478 | Font Awesome < 4.3.2 - Contributor+ Stored XSS | 676,327
Oct, 2023 | CVE-2023-38000 | Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress core and Gutenberg plugin via Navigation Links Block | 494,516
Aug, 2023 | CVE-2023-29099 | WordPress Divi Theme <= 4.20.2 is vulnerable to Cross Site Scripting (XSS) | 391,952
May, 2023 | CVE-2023-23999 | WordPress Google Analytics by Monster Insights Plugin <= 8.14.0 is vulnerable to Cross Site Scripting (XSS) | 266,198
Nov, 2023 | CVE-2023-47786 | WordPress LayerSlider Plugin <= 7.7.9 is vulnerable to Cross Site Scripting (XSS) | 250,364
Feb, 2023 | CVE-2023-0081 | MonsterInsights < 8.12.1 - Contributor+ Stored XSS | 234,074
Jan, 2023 | CVE-2022-3904 | MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics | 163,887

Geographical Distribution

The distribution of websites across the globe that are exposed to CWE-79 through included software libraries and plugins.


