CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,012 vulnerabilities with CWE-79
CVE-2025-13784
LOW
yungifez Skuul < 2.6.5 - Cross-Site Scripting via SVG File Handler in Dashboard Edit
CVSS 2.4
CVE-2025-66421
MEDIUM
Tryton sao < 7.6.11 - Cross-Site Scripting via Unescaped Completion Values
CVSS 5.4
CVE-2025-66420
MEDIUM
Tryton sao < 7.6.9 - Cross-Site Scripting via HTML Attachment
CVSS 5.4
CVE-2025-65892
MEDIUM
krpano < 1.23.2 - Unauthenticated Reflected Cross-Site Scripting via passQueryParameters XML Parameter
CVSS 6.1
CVE-2025-65540
MEDIUM
xmall v1.1 - Stored Cross-Site Scripting via Username and Description Fields
CVSS 6.1
CVE-2025-66036
MEDIUM
Retro < 2.4.7 - Cross-Site Scripting in Input Handling Component
CVSS 6.1
CVE-2025-51734
MEDIUM
HCL Unica 12.0.0 - Cross-Site Scripting
CVSS 5.4
CVE-2025-66359
HIGH
Logpoint SIEM < 7.7.0 - Cross-Site Scripting via Insufficient Input Validation
CVSS 8.5
CVE-2025-13692
HIGH
Unlimited Elements For Elementor < 2.0 - XSS
CVSS 7.2
CVE-2025-59026
MEDIUM
OX App Suite < 8.35.110, < 8.39.85, < 8.40.73, < 8.41.67 - Stored Cross-Site Scripting via Malicious File Upload
CVSS 5.4
CVE-2025-59025
MEDIUM
OX App Suite < 8.35.110, < 8.39.85, < 8.40.73, < 8.41.50 - Stored Cross-Site Scripting via Malicious Email Content
CVSS 6.1
CVE-2025-30190
MEDIUM
OX App Suite < 8.35.1513817, < 8.39.1565928, < 8.40.1565934, < 8.41.1523927 - Stored XSS via Office Document Editing
CVSS 5.4
CVE-2025-30186
MEDIUM
OX App Suite < 8.35.107, < 8.38.89, < 8.39.83, < 8.40.68, < 8.41.60 - Stored XSS via File Upload
CVSS 5.4
CVE-2025-13525
MEDIUM
WP Directory Kit <= 1.4.5 - Unauthenticated Reflected Cross-Site Scripting via Order By Parameter
CVSS 6.1
CVE-2025-12185
MEDIUM
StaffList <= 3.2.6 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-12123
MEDIUM
Customer Reviews Collector for WooCommerce <= 4.6.1 - Reflected XSS via Email-Text Parameter
CVSS 6.1
CVE-2025-12151
MEDIUM
Simple Folio <= 1.1.0 - Authenticated Stored Cross-Site Scripting via Portfolio Name Parameter
CVSS 6.4
CVE-2025-12713
MEDIUM
Soundslides < 1.4.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-12712
MEDIUM
Shouty <= 0.2.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-12670
MEDIUM
wp-twitpic <= 1.0 - Authenticated Stored Cross-Site Scripting via twitpic Shortcode Parameters
CVSS 6.4
CVE-2025-12666
MEDIUM
Google Drive upload and download link <= 1.0 - Authenticated Stored Cross-Site Scripting via 'link' Parameter
CVSS 6.4
CVE-2025-12649
MEDIUM
SortTable Post <= 4.2 - Authenticated Stored Cross-Site Scripting via Shortcode ID Parameter
CVSS 6.4
CVE-2025-66040
LOW
Spotipy < 2.25.2 - Cross-Site Scripting via OAuth Error Parameter
CVSS 3.6
CVE-2025-65676
MEDIUM
Classroomio 0.1.13 - Authenticated Stored Cross-Site Scripting via SVG Cover Image
CVSS 5.4
CVE-2025-65675
MEDIUM
Classroomio 0.1.13 - Authenticated Stored Cross-Site Scripting via SVG Profile Picture
CVSS 5.4