CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,990 vulnerabilities with CWE-79
CVE-2025-68077
MEDIUM
Select-Themes Stockholm <9.14.1 - XSS
CVSS 6.5
CVE-2025-68076
MEDIUM
Select-Themes Stockholm Core <= 2.4.6 - XSS
CVSS 6.5
CVE-2025-68070
MEDIUM
Vektor,Inc. VK Google Job Posting Manager - XSS
CVSS 6.5
CVE-2025-67986
MEDIUM
Barn2 Plugins Document Library Lite <1.1.8 - XSS
CVSS 5.9
CVE-2025-67983
MEDIUM
osama.esh WP Visitor Statistics - XSS
CVSS 6.5
CVE-2025-67951
MEDIUM
WPZOOM WPZOOM Addons for Elementor <=1.2.10 - XSS
CVSS 6.5
CVE-2025-67912
MEDIUM
Gal Dubinski Stars Testimonials <3.3.4 - XSS
CVSS 6.5
CVE-2025-68115
MEDIUM
Parse Server < 8.6.1 - Reflected Cross-Site Scripting in Password Reset and Email Verification Pages
CVSS 6.1
CVE-2025-14722
LOW
vion707 DMadmin <3403cafdb42537a648c30bf8cbc8148ec60437d1 - XSS
CVSS 2.4
CVE-2025-51962
MEDIUM
MicroStudio 24.01.29 - HTML Injection in Project Comment Section
CVSS 6.1
CVE-2025-66843
MEDIUM
Grav < 1.7.49.5 - Authenticated Stored Cross-Site Scripting in Page Editing Functionality
CVSS 5.4
CVE-2025-14387
MEDIUM
LearnPress - WordPress LMS Plugin <4.3.1 - XSS
CVSS 6.4
CVE-2025-13728
MEDIUM
FluentAuth WordPress <= 2.0.3 - Authenticated Stored XSS via fluent_auth_reset_password Shortcode
CVSS 6.4
CVE-2025-13610
MEDIUM
RegistrationMagic < 6.0.6.7 - Authenticated Stored Cross-Site Scripting via RM_Forms Shortcode Theme Attribute
CVSS 6.4
CVE-2025-13608
MEDIUM
CC Child Pages <= 2.0.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-13367
MEDIUM
User Registration & Membership Plugin < 4.4.6 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-65778
HIGH
Wekan < 8.16 - Stored Cross-Site Scripting via Attachment Content-Type Manipulation
CVSS 8.1
CVE-2025-37732
MEDIUM
Kibana 7.0.0-7.17.29 - Authenticated Cross-Site Scripting via Integration Package Upload
CVSS 5.4
CVE-2025-67906
MEDIUM
MISP < 2.5.28 - Cross-Site Scripting in Workflow Execution Path
CVSS 5.4
CVE-2025-13740
MEDIUM
Lightweight Accordion <1.5.20 - XSS
CVSS 6.4
CVE-2025-14691
MEDIUM
Mayan EDMS < 4.10.2 - Cross-Site Scripting in Authentication Endpoint
CVSS 4.3
CVE-2025-14663
LOW
Student File Management System 1.0 - XSS
CVSS 2.4
CVE-2025-14662
LOW
Code-projects Student File Management System 1.0 - XSS
CVSS 2.4
CVE-2025-12537
MEDIUM
Addon Elements for Elementor <1.14.3 - XSS
CVSS 6.4
CVE-2025-9873
MEDIUM
a3 Lazy Load <= 2.7.5 - Authenticated Stored Cross-Site Scripting via User Supplied Attributes
CVSS 6.4
Details
Vulnerabilities
44,990
Exploit Likelihood
High