CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,968 vulnerabilities with CWE-79
CVE-2025-40977
MEDIUM
eCommerceGo SaaS - Stored Cross-Site Scripting via Store-Ticket Subject and Description Parameters
CVE-2025-40976
MEDIUM
TicketGo - Stored Cross-Site Scripting via Description Parameter
CVE-2025-40975
MEDIUM
HRMGo - Stored Cross-Site Scripting via Description Parameter
CVE-2025-69275
MEDIUM
Broadcom DX NetOps Spectrum < 24.3.10 - DOM-Based Cross-Site Scripting
CVSS 6.1
CVE-2025-69268
MEDIUM
Broadcom DX NetOps Spectrum < 24.3.9 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-15505
LOW
Luxul XWR-600 <= 4.0.1 - Cross-Site Scripting via Guest Network/Wireless Profile SSID
CVSS 2.4
CVE-2025-12379
MEDIUM
Phlox theme <= 2.17.13 - Authenticated Stored XSS via 'tag' and 'title_tag' Parameters
CVSS 6.4
CVE-2025-14555
MEDIUM
Countdown Timer - Widget Countdown <= 2.7.7 - Authenticated Stored Cross-Site Scripting via wpdevart_countdown Shortcode
CVSS 6.4
CVE-2025-14506
MEDIUM
ConvertForce Popup Builder <0.0.8 - XSS
CVSS 6.4
CVE-2025-61676
MEDIUM
October CMS < 3.7.13 - Stored Cross-Site Scripting via Backend Stylesheet Input
CVSS 6.1
CVE-2025-61674
MEDIUM
October CMS < 3.7.13 and < 4.0.12 - Stored Cross-Site Scripting via Markup Styles Stylesheet Input
CVSS 6.1
CVE-2025-59057
HIGH
React Router 7.0.0-7.8.2 & @remix-run/react 1.15.0-2.17.0 XSS via meta()/<Meta> APIs
CVSS 7.6
CVE-2025-13967
MEDIUM
Woodpecker for WordPress <3.0.4 - XSS
CVSS 6.4
CVE-2025-13908
MEDIUM
Tooltip plugin for WordPress <1.0.2 - XSS
CVSS 6.4
CVE-2025-13903
MEDIUM
PullQuote <= 1.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-13897
MEDIUM
Client Testimonial Slider <2.0 - XSS
CVSS 6.4
CVE-2025-13893
MEDIUM
Lesson Plan Book <= 1.3 - Unauthenticated Reflected Cross-Site Scripting via PHP_SELF Variable
CVSS 6.1
CVE-2025-13892
MEDIUM
MG AdvancedOptions <= 1.2 - Unauthenticated Reflected Cross-Site Scripting via PHP_SELF Variable
CVSS 6.1
CVE-2025-13862
MEDIUM
Menu Card plugin - WordPress <0.8.0 - XSS
CVSS 6.4
CVE-2025-13854
MEDIUM
Curved Text <= 0.1 - Authenticated Stored Cross-Site Scripting via arctext Shortcode Radius Parameter
CVSS 6.4
CVE-2025-13852
MEDIUM
WordPress Business in a Box <4.1.0 - XSS
CVSS 6.4
CVE-2025-13704
MEDIUM
Autogen Headers Menu <= 1.0.1 - Stored XSS via head_class Parameter
CVSS 6.4
CVE-2025-13701
MEDIUM
Shabat Keeper <= 0.4.4 - Unauthenticated Reflected Cross-Site Scripting via PHP_SELF Parameter
CVSS 6.1
CVE-2025-11453
MEDIUM
Header and Footer Scripts <2.2.2 - XSS
CVSS 6.4
CVE-2025-9222
HIGH
GitLab 18.2.2-18.5.4, 18.6-18.6.2, 18.7-18.7.0 - Authenticated Stored Cross-Site Scripting via GitLab Flavored Markdown
CVSS 8.7
Details
Vulnerabilities: 44,968
Exploit Likelihood: High