CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,022 vulnerabilities with CWE-79
CVE-2025-65012
MEDIUM
Kirby 5.0.0-5.1.3 - Stored Cross-Site Scripting via Page Title or Username
CVSS 5.4
CVE-2025-64325
CRITICAL
Emby Server <4.8.1.0-4.9.0.0-beta - Info Disclosure
CVSS 9.0
CVE-2025-63229
MEDIUM
Mozart FM Transmitter WEBMOZZI-00287 - XSS
CVSS 5.4
CVE-2025-63514
MEDIUM
kishan0725 Hospital Management System - XSS
CVSS 6.1
CVE-2025-56526
MEDIUM
Kotaemon < 0.11.0 - Stored Cross-Site Scripting via PDF Content Rendering
CVSS 6.1
CVE-2025-12761
LOW
Drupal Simple Multi Step Form <2.0.0 - XSS
CVSS 3.5
CVE-2025-63892
MEDIUM
SourceCodester Student Grades Management System 1.0 - XSS
CVSS 6.8
CVE-2025-63883
MEDIUM
Bhabishya-123 E-commerce - DOM-based Cross-Site Scripting via Unsafe JavaScript Sinks
CVSS 5.4
CVE-2025-59117
MEDIUM
Windu CMS 4.1 - Authenticated Stored Cross-Site Scripting in Page Editing Endpoint
CVSS 4.8
CVE-2025-59115
MEDIUM
Windu CMS 4.1 - Stored Cross-Site Scripting in Logon Page
CVSS 5.4
CVE-2025-13349
LOW
SourceCodester Student Grades Management System 1.0 - Stored Cross-Site Scripting in Grades.php Remarks Field
CVSS 3.5
CVE-2025-41350
MEDIUM
WinPlus v24.11.27 - Stored Cross-Site Scripting via 'descripcion' Parameter
CVSS 5.4
CVE-2025-41349
MEDIUM
WinPlus v24.11.27 - Stored Cross-Site Scripting via Descripcion Parameter
CVSS 5.4
CVE-2025-13343
LOW
SourceCodester Interview Management System 1.0 - Cross-Site Scripting via Question Parameter in editQuestion.php
CVSS 3.5
CVE-2025-4212
HIGH
Checkout Files Upload for WooCommerce <= 2.2.1 - Unauthenticated Stored Cross-Site Scripting via File Upload
CVSS 7.2
CVE-2025-13196
MEDIUM
Element Pack Addons for Elementor <= 8.3.4 - Authenticated Stored XSS via Open Street Map Widget
CVSS 5.4
CVE-2025-12691
MEDIUM
Photonic Gallery & Lightbox <= 3.21 - Authenticated Stored XSS via Lightbox Caption
CVSS 6.4
CVE-2025-12457
MEDIUM
Enable SVG, WebP, and ICO Upload <= 1.1.2 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2025-12088
MEDIUM
Meta Display Block <= 1.0.0 - Authenticated Stored Cross-Site Scripting via Meta Display Block
CVSS 6.4
CVE-2025-12079
MEDIUM
WP Twitter Auto Publish <1.7.3 - XSS
CVSS 6.1
CVE-2025-8609
MEDIUM
RTMKit < 1.6.5 - Authenticated Stored Cross-Site Scripting via Accordion Block Attributes
CVSS 6.4
CVE-2025-8605
MEDIUM
Gutenify <= 1.5.9 - Authenticated Stored XSS via Block Attributes
CVSS 6.4
CVE-2025-26391
MEDIUM
SolarWinds Observability Self-Hosted < 2025.4.1 - Authenticated Stored Cross-Site Scripting in User-Created URL Fields
CVSS 5.4
CVE-2025-12823
MEDIUM
CSV to SortTable <= 4.2 - Authenticated Stored Cross-Site Scripting via CSV Shortcode
CVSS 6.4
CVE-2025-12078
MEDIUM
ArtiBot Free Chat Bot for WebSites <= 1.1.7 - Unauthenticated Reflected Cross-Site Scripting via PostMessage
CVSS 6.1
Details
Vulnerabilities
45,022
Exploit Likelihood
High