CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,048 vulnerabilities with CWE-79
CVE-2025-11733
HIGH
Footnotes Made Easy <= 3.0.7 - Unauthenticated Stored Cross-Site Scripting via Plugin Settings
CVSS 7.2
CVE-2025-12324
MEDIUM
TablePress - WordPress <3.2.3 - XSS
CVSS 6.4
CVE-2025-11841
MEDIUM
Greenshift - WordPress <12.2.7 - XSS
CVSS 6.4
CVE-2025-43440
MEDIUM
Safari < 26.1 - Cross-Site Scripting
CVSS 6.5
CVE-2025-43338
HIGH
macOS Tahoe <26 - Memory Corruption
CVSS 7.1
CVE-2025-36172
MEDIUM
IBM Cloud Pak for Business Automation Stored XSS (24.0.0-24.0.1, 25.0.0)
CVSS 6.4
CVE-2025-63593
MEDIUM
Grav CMS 1.7.49.5 - Cross-Site Scripting
CVSS 6.1
CVE-2025-63441
HIGH
Open Source Social Network 8.6 - Cross-Site Scripting via Administrator Friends Endpoint
CVSS 7.3
CVE-2025-50363
MEDIUM
Phpgurukul Maid Hiring Management System 1.0 - XSS
CVSS 5.4
CVE-2025-10280
HIGH
SailPoint IdentityIQ < 8.3 - Cross-Site Scripting via Incorrect Content-Type Header
CVSS 7.1
CVE-2025-63450
MEDIUM
Car-Booking-System-PHP 1.0 - Cross-Site Scripting in Booking Page
CVSS 5.4
CVE-2025-63449
MEDIUM
Water Management System 1.0 - Cross-Site Scripting in /orders.php
CVSS 5.4
CVE-2025-63448
MEDIUM
Water Management System 1.0 - Stored Cross-Site Scripting in /edit_product.php
CVSS 6.1
CVE-2025-63447
MEDIUM
Water Management System 1.0 - Stored Cross-Site Scripting in add_customer.php
CVSS 6.1
CVE-2025-63446
MEDIUM
Water Management System 1.0 - Stored Cross-Site Scripting in /add_vendor.php
CVSS 6.1
CVE-2025-60503
HIGH
UltimatePOS 4.8 - Authenticated Stored Cross-Site Scripting via Purchase Reference No. Field
CVSS 8.7
CVE-2025-63443
MEDIUM
School Management System PHP v1.0 - XSS
CVSS 5.4
CVE-2025-63442
MEDIUM
Simple User Management System with PHP-MySQL v1.0 - XSS
CVSS 4.6
CVE-2025-6988
MEDIUM
KALLYAS WordPress Theme <= 4.23.0 - Authenticated Stored XSS via Shortcode
CVSS 6.4
CVE-2025-12090
MEDIUM
Employee Spotlight & Meet the Team Plugin <5.1.2 - XSS
CVSS 6.4
CVE-2025-11502
MEDIUM
Schema & Structured Data for WP & AMP <1.51 - XSS
CVSS 6.4
CVE-2025-12118
MEDIUM
Schema Scalpel <= 1.6.1 - Authenticated Stored Cross-Site Scripting via Post Title
CVSS 6.4
CVE-2025-11995
HIGH
WordPress Community Events <1.5.2 - XSS
CVSS 7.2
CVE-2025-11927
MEDIUM
The Flying Images: Optimize and Lazy Load Images for Faster Page Sp...
CVSS 4.4
CVE-2025-11928
MEDIUM
WordPress CSS & JavaScript Toolbox <12.0.5 - XSS
CVSS 4.4
Details
Vulnerabilities: 45,048
Exploit Likelihood: High