CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,990 vulnerabilities with CWE-79
CVE-2025-9856
MEDIUM
Popup Builder < 4.4.1 - Authenticated Stored Cross-Site Scripting via sg_popup Shortcode
CVSS 6.4
CVE-2025-9488
MEDIUM
Redux Framework <= 4.5.8 - Authenticated Stored Cross-Site Scripting via Data Parameter
CVSS 6.4
CVE-2025-8780
MEDIUM
SiteOrigin Widgets <= 3.9.1 - Authenticated Stored XSS via Hero Header & Pricing Table
CVSS 6.4
CVE-2025-8779
MEDIUM
All-in-One Addons for Elementor - WidgetKit <2.5.6 - XSS
CVSS 6.4
CVE-2025-8687
MEDIUM
Enter Addons - Ultimate Template Builder for Elementor <= 2.2.7 - Authenticated Stored XSS via Widgets
CVSS 6.4
CVE-2025-8617
MEDIUM
YITH WooCommerce Quick View <2.7.0 - XSS
CVSS 6.4
CVE-2025-8199
MEDIUM
Marquee Addons for Elementor < 2.4.3 - Authenticated Stored Cross-Site Scripting via Testimonial Marquee Widget
CVSS 6.4
CVE-2025-8195
MEDIUM
JetWidgets For Elementor <1.0.20 - XSS
CVSS 6.4
CVE-2025-7960
MEDIUM
King Addons for Elementor <51.1.39 - XSS
CVSS 6.4
CVE-2025-7058
MEDIUM
Kingcabs <= 1.1.9 - Authenticated Stored Cross-Site Scripting via progressbarLayout Parameter
CVSS 6.4
CVE-2025-36750
MEDIUM
Growatt ShineLan-X Firmware 3.6.0.0-3.6.0.1 - Stored Cross-Site Scripting in Plant Name Field
CVSS 5.4
CVE-2025-36748
MEDIUM
Growatt ShineLan-X Firmware 3.6.0.0-3.6.0.1 - Stored Cross-Site Scripting in Communication Module Settings
CVSS 5.4
CVE-2025-14378
MEDIUM
Quick Testimonials <= 2.1 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-14278
MEDIUM
HT Slider for Elementor <1.7.4 - XSS
CVSS 6.4
CVE-2025-14056
MEDIUM
Custom Post Type UI <= 1.18.1 - Authenticated Stored Cross-Site Scripting via Custom Post Type Import Label Parameter
CVSS 4.4
CVE-2025-13705
MEDIUM
WordPress Custom Frames <1.0.2 - XSS
CVSS 6.4
CVE-2025-12109
MEDIUM
Header Footer Script Adder - WordPress <2.0.5 - XSS
CVSS 6.4
CVE-2025-12077
MEDIUM
WP to LinkedIn Auto Publish <1.9.8 - XSS
CVSS 6.1
CVE-2025-12076
MEDIUM
WordPress Social Media Auto Publish <3.6.5 - XSS
CVSS 6.1
CVE-2025-11376
MEDIUM
Colibri Page Builder <1.0.335 - XSS
CVSS 6.4
CVE-2025-67634
MEDIUM
CISA Software Acquisition Guide Supplier Response Web Tool < 2025-12-11 - Cross-Site Scripting via JSON Import
CVSS 4.4
CVE-2025-14580
LOW
Qualitor < 8.20.78 - Cross-Site Scripting via cdscript Parameter
CVSS 3.5
CVE-2025-67734
MEDIUM
Frappe Learning Management System 2.0.0-2.41.9 - Stored XSS via Job Form Company Website Field
CVSS 5.4
CVE-2025-8082
MEDIUM
Vuetify 2.0.0-3.0.0 - Stored Cross-Site Scripting via VDatePicker Title Date Format
CVSS 6.3
CVE-2025-67342
MEDIUM
RuoYi < 4.8.1 - Stored Cross-Site Scripting in /system/menu/edit Endpoint
CVSS 4.6
Details
Vulnerabilities: 44,990
Exploit Likelihood: High