CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,028 vulnerabilities with CWE-79
CVE-2025-11828
MEDIUM
Magazine Companion <= 1.2.3 - Authenticated Stored Cross-Site Scripting via headerHtmlTag Attribute
CVSS 6.4
CVE-2025-11822
MEDIUM
WP Bootstrap Tabs <= 1.0.4 - Authenticated Stored Cross-Site Scripting via 'bootstrap_tab' Shortcode
CVSS 6.4
CVE-2025-11821
MEDIUM
WooCommerce - Products By Custom Tax <2.2 - XSS
CVSS 6.4
CVE-2025-11805
MEDIUM
WordPress Skip to Timestamp <1.4.4 - XSS
CVSS 6.4
CVE-2025-11129
MEDIUM
Include Fussball.de Widgets <4.0.0 - XSS
CVSS 6.4
CVE-2025-42886
MEDIUM
SAP Business Connector - Reflected Cross-Site Scripting via Malicious Link
CVSS 6.1
CVE-2025-11892
CRITICAL
GitHub Enterprise Server DOM-based XSS via Issues Search Label Filter
CVSS 9.6
CVE-2025-64501
HIGH
prosemirror_to_html < 0.2.1 - Cross-Site Scripting via HTML Attribute Values
CVSS 7.6
CVE-2025-64167
HIGH
Combodo iTop < 2.7.13 - Cross-Site Scripting via URL Parameter
CVSS 7.1
CVE-2025-62780
LOW
changedetection.io < 0.50.34 - Stored Cross-Site Scripting via Watch Update API
CVSS 3.5
CVE-2025-48065
HIGH
Combodo iTop < 2.7.13 - Cross-Site Scripting via Error Field Content
CVSS 8.8
CVE-2025-48055
HIGH
Combodo iTop < 3.2.2 - Cross-Site Scripting in User Portal Browse Brick
CVSS 8.5
CVE-2025-47932
HIGH
Combodo iTop < 2.7.13 - Cross-Site Scripting via Dashboard AJAX Rendering
CVSS 8.8
CVE-2025-47773
HIGH
Combodo iTop < 2.7.13 - Stored Cross-Site Scripting via Dashboard Edit AJAX Call
CVSS 8.8
CVE-2025-63834
MEDIUM
Tenda AC18 <15.03.05.05_multi - XSS
CVSS 5.4
CVE-2025-63709
MEDIUM
SourceCodester Simple To-Do List System 1.0 - XSS
CVSS 5.4
CVE-2025-41001
MEDIUM
SOPlanning 1.53.02 - Stored Cross-Site Scripting via LOGOUT_REDIRECT Parameter
CVSS 5.4
CVE-2025-41107
MEDIUM
Smart School 7.0 - Stored Cross-Site Scripting via Online Admission POST Parameters
CVSS 5.4
CVE-2025-12920
LOW
FoxCMS < 1.2.16 - Cross-Site Scripting via Product Title Parameter
CVSS 2.4
CVE-2025-12837
MEDIUM
aThemes Addons for Elementor <1.1.5 - XSS
CVSS 6.4
CVE-2025-12643
MEDIUM
Saphali LiqPay for donate <= 1.0.2 - Authenticated Stored Cross-Site Scripting via 'saphali_liqpay' Shortcode
CVSS 6.4
CVE-2025-12193
MEDIUM
Mang Board WP <= 2.3.1 - Unauthenticated Reflected Cross-Site Scripting via 'mp' Parameter
CVSS 6.1
CVE-2025-12125
MEDIUM
HTML Forms - Simple WordPress Forms Plugin <1.5.5 - XSS
CVSS 4.4
CVE-2025-12112
MEDIUM
Insert Headers and Footers Code - HT Script <= 1.1.6 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2025-12064
MEDIUM
WP2Social Auto Publish <2.4.7 - XSS
CVSS 6.1
Details
Vulnerabilities: 45,028
Exploit Likelihood: High