CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,966 vulnerabilities with CWE-79
CVE-2025-40697 MEDIUM
Lewe WebMeasure - Reflected Cross-Site Scripting via Page Parameter
CVE-2025-14983 MEDIUM
Advanced Custom Fields Font Awesome Field - XSS
CVSS 6.4
CVE-2025-14851 MEDIUM
YaMaps for WordPress Plugin <= 0.6.40 - Authenticated Stored Cross-Site Scripting via yamap Shortcode Parameters
CVSS 6.4
CVE-2025-14452 HIGH
WP Customer Reviews <= 3.7.5 - Unauthenticated Reflected Cross-Site Scripting via wpcr3_fname Parameter
CVSS 7.2
CVE-2025-14445 MEDIUM
Image Hotspot by DevVN <=1.2.9 - XSS
CVSS 6.4
CVE-2025-14076 MEDIUM
iXML - Google XML sitemap generator <= 0.6 - Unauthenticated Reflected Cross-Site Scripting via iXML_email Parameter
CVSS 6.1
CVE-2025-13738 MEDIUM
Easy Table of Contents <2.0.78 - XSS
CVSS 6.4
CVE-2025-13732 MEDIUM
s2Member < 251005 - Authenticated Stored Cross-Site Scripting via s2Eot Shortcode
CVSS 6.4
CVE-2025-13617 MEDIUM
Apollo13 Framework Extensions <1.9.8 - XSS
CVSS 6.4
CVE-2025-13612 MEDIUM
Album and Image Gallery plus Lightbox 2.1.7 - XSS
CVSS 6.4
CVE-2025-13048 MEDIUM
StatCounter Plugin <2.1.0 - Stored XSS
CVSS 6.4
CVE-2025-12451 MEDIUM
Easy SVG Support <= 4.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 4.4
CVE-2025-12448 MEDIUM
Smartsupp WordPress Plugin <3.9.1 - XSS
CVSS 6.4
CVE-2025-12117 MEDIUM
Renden Theme for WordPress <=1.8.1 - XSS
CVSS 6.4
CVE-2025-12116 MEDIUM
Drift WordPress Theme <=1.5.0 - XSS
CVSS 6.4
CVE-2025-11706 MEDIUM
Aruba HiSpeed Cache <= 3.0.2 - Unauthenticated Reflected Cross-Site Scripting via dbstatus Parameter
CVSS 6.1
CVE-2025-8308 MEDIUM
INFOREX- General Information Management System 2025-18022026 - Cross-Site Scripting via HTTP Headers
CVSS 6.3
CVE-2025-14340 HIGH
Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 - Cross-Site Scripting via REST Management Interface
CVE-2025-13727 MEDIUM
WordPress Video Share VOD Plugin <=2.7.11 - XSS
CVSS 4.4
CVE-2025-11185 MEDIUM
Complianz WordPress Plugin <7.4.3 - XSS
CVSS 6.4
CVE-2025-11737 MEDIUM
VK All in One Expansion Unit <9.112.3 - XSS
CVSS 6.4
CVE-2025-6460 MEDIUM
WordPress Display During Conditional Shortcode <=1.2 - XSS
CVSS 6.4
CVE-2025-13959 MEDIUM
Filestack WordPress Plugin <=2.0.8 - XSS
CVSS 6.4
CVE-2025-12037 MEDIUM
WP 404 Auto Redirect to Similar Post <=1.0.5 - XSS
CVSS 4.4
CVE-2025-62183 MEDIUM
Pega Platform 8.1.0-25.1.1 - Stored XSS