CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,990 vulnerabilities with CWE-79
CVE-2025-67344
MEDIUM
jshERP < 3.5 - Stored Cross-Site Scripting via /msg/add Endpoint
CVSS 4.6
CVE-2025-67341
MEDIUM
jshERP <= 3.5 - Stored Cross-Site Scripting via PDF File Upload
CVSS 4.6
CVE-2025-36746
MEDIUM
SolarEdge Monitoring Platform - Authenticated Stored Cross-Site Scripting via Report Name Injection
CVSS 5.4
CVE-2025-14030
MEDIUM
AI Feeds <= 1.0.22 - Authenticated Stored Cross-Site Scripting via aife_post_meta Shortcode
CVSS 6.4
CVE-2025-12965
MEDIUM
Magical Posts Display <1.2.54 - XSS
CVSS 6.4
CVE-2025-13993
MEDIUM
MailerLite - WordPress <1.7.16 - XSS
CVSS 5.5
CVE-2025-67730
MEDIUM
Frappe Learning Management System 2.0.0-2.41.9 - Stored XSS via Job Course and Batch Description
CVSS 5.4
CVE-2025-4970
MEDIUM
BSK PDF Manager <= 3.7.1 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 5.5
CVE-2025-14049
MEDIUM
VikRentItems Flexible Rental Management System <1.2.0 - XSS
CVSS 6.1
CVE-2025-11876
MEDIUM
Mailgun Subscriptions <= 1.3.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-12570
HIGH
Fancy Product Designer <6.4.8 - XSS
CVSS 7.2
CVE-2025-67724
MEDIUM
Tornado < 6.5.3 - HTTP Header Injection and Cross-Site Scripting via Reason Phrase
CVSS 5.4
CVE-2025-66492
HIGH
Masa CMS - Cross-Site Scripting
CVSS 8.2
CVE-2025-66284
MEDIUM
GroupSession Free edition <5.7.1 - XSS
CVSS 5.4
CVE-2025-65120
MEDIUM
GroupSession Free edition <5.7.1 - XSS
CVSS 6.1
CVE-2025-57883
MEDIUM
GroupSession Free <5.3.0, byCloud <5.3.3, ZION <5.3.2 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-54407
MEDIUM
GroupSession Free <5.3.0, byCloud <5.3.3, ZION <5.3.2 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-53523
MEDIUM
GroupSession Free < 5.3.0, byCloud < 5.3.3, ZION < 5.3.2 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-14467
MEDIUM
WP Job Portal < 2.4.4 - Authenticated Stored Cross-Site Scripting via Job Description Field
CVSS 4.4
CVE-2025-14393
MEDIUM
Wpik WordPress Basic Ajax Form <1.0 - XSS
CVSS 6.4
CVE-2025-14143
MEDIUM
Ayo Shortcodes <= 0.2 - Authenticated Stored Cross-Site Scripting via 'color' Parameter
CVSS 6.4
CVE-2025-14138
MEDIUM
WPLG Default Mail From <1.0.0 - XSS
CVSS 6.1
CVE-2025-14137
MEDIUM
Simple AL Slider <= 1.2.10 - Unauthenticated Reflected Cross-Site Scripting via PHP_SELF Variable
CVSS 6.1
CVE-2025-14132
MEDIUM
Category Dropdown List plugin <1.0 - XSS
CVSS 6.1
CVE-2025-14129
MEDIUM
Like DisLike Voting plugin <1.0.2 - XSS
CVSS 6.1
Details
Vulnerabilities: 44,990
Exploit Likelihood: High