CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,028 vulnerabilities with CWE-79
CVE-2025-64176
MEDIUM
ThinkDashboard < 0.6.8 - Unrestricted File Upload via Backup Import Feature
CVSS 5.3
CVE-2025-64174
MEDIUM
OpenMage Magento < 20.16.0 - Stored Cross-Site Scripting in Admin Notification Grid Actions Renderer
CVSS 4.8
CVE-2025-12486
HIGH
Heimdall Data Database Proxy >=23.11.06.1 <23.11.06.1 - Remote Code Execution via Database Event Log Handling
CVSS 8.8
CVE-2025-34237
MEDIUM
Advantech WebAccess/VPN < 1.1.5 - Stored Cross-Site Scripting via StandaloneVpnClientsController
CVSS 5.4
CVE-2025-34236
MEDIUM
Advantech WebAccess/VPN < 1.1.5 - Stored Cross-Site Scripting via NetworksController.addNetworkAction()
CVSS 5.4
CVE-2025-63589
HIGH
CMSimple_XH 1.8 - Reflected Cross-Site Scripting via URL Path Segments
CVSS 7.1
CVE-2025-63588
HIGH
CMSimpleXH - Unauthenticated Reflected Cross-Site Scripting via Query Handling
CVSS 7.1
CVE-2025-64232
HIGH
icopydoc Import from YML <= 3.1.17 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-64224
HIGH
ThemeGoods Grand Conference Theme Custom Post Type < 2.6.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-64198
HIGH
appscreo Easy Social Share Buttons <10.7.1 - XSS
CVSS 7.1
CVE-2025-64196
HIGH
Booster for WooCommerce <= 7.2.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-63307
HIGH
alexusmai laravel-file-manager 3.3.1 - XSS
CVSS 8.1
CVE-2025-62076
HIGH
Simple Payment <= 2.4.6 - Cross-Site Scripting
CVSS 7.1
CVE-2025-62074
HIGH
WPMobile.App <= 11.71 - Cross-Site Scripting
CVSS 7.1
CVE-2025-62059
HIGH
Brainstorm Force SureRank <=1.3.2 - XSS
CVSS 7.1
CVE-2025-62057
HIGH
Houzez Theme - Functionality < 4.2.0 - Cross-Site Scripting
CVSS 7.1
CVE-2025-62051
MEDIUM
AndonDesign UDesign Core <= 4.14.1 - XSS
CVSS 6.5
CVE-2025-62044
MEDIUM
CodexThemes TheGem Theme Elements - XSS
CVSS 6.5
CVE-2025-62041
HIGH
TheGem (Elementor) <= 5.10.5.1 - Cross-Site Scripting
CVSS 7.1
CVE-2025-62040
HIGH
YOP Poll <= 6.5.37 - Cross-Site Scripting
CVSS 7.1
CVE-2025-62036
HIGH
Togo < 1.0.4 - Cross-Site Scripting
CVSS 7.1
CVE-2025-62032
MEDIUM
tagDiv Cloud Library < 3.9.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-62031
HIGH
tagDiv Composer <= 5.4.1 - Cross-Site Scripting
CVSS 7.1
CVE-2025-62030
MEDIUM
tagDiv Composer <= 5.4.1 - Cross-Site Scripting
CVSS 6.5
CVE-2025-62012
MEDIUM
TheGem (Elementor) <= 5.10.5 - Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities
45,028
Exploit Likelihood
High