CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,122 vulnerabilities with CWE-79
CVE-2025-8726
MEDIUM
WP Photo Album Plus <9.0.11.006 - XSS
CVSS 5.4
CVE-2025-61681
MEDIUM
KUNO CMS < 1.3.14 - Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2025-53354
MEDIUM
NiceGUI < 3.0.0 - Cross-Site Scripting via ui.html()
CVSS 6.1
CVE-2025-52653
HIGH
HCL MyXalytics - Cross-Site Scripting
CVSS 7.6
CVE-2025-60454
MEDIUM
MetInfo CMS 8.0 - Stored Cross-Site Scripting via SVG File Upload in Image Management Module
CVSS 6.1
CVE-2025-60453
MEDIUM
MetInfo CMS 8.0 - Stored Cross-Site Scripting via SVG File Upload in Column Management Module
CVSS 6.1
CVE-2025-60452
MEDIUM
MetInfo CMS 8.0 - Stored Cross-Site Scripting via SVG File Upload in Download Module
CVSS 6.1
CVE-2025-60451
MEDIUM
MetInfo CMS 8.0 - Stored Cross-Site Scripting via SVG File Upload in Website Settings Module
CVSS 6.1
CVE-2025-60450
MEDIUM
MetInfo CMS 8.0 - Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2025-60448
MEDIUM
Emlog Pro 2.5.19 - Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2025-60447
MEDIUM
Emlog Pro 2.5.19 - Stored Cross-Site Scripting in Email Template Configuration
CVSS 5.9
CVE-2025-60445
MEDIUM
XunRuiCMS 4.7.1 - Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2025-9876
MEDIUM
Ird Slider <= 1.0.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-9875
MEDIUM
WordPress Event Tickets <1.0.2 - XSS
CVSS 6.4
CVE-2025-9859
MEDIUM
WordPress Fintelligence Calculator <1.0.3 - XSS
CVSS 6.4
CVE-2025-9858
MEDIUM
WordPress Auto Bulb Finder <2.8.0 - XSS
CVSS 6.4
CVE-2025-9854
MEDIUM
A Simple Multilanguage Plugin <1.0 - XSS
CVSS 6.4
CVE-2025-9372
MEDIUM
WordPress Multi Design Video Carousel <1.4 - XSS
CVSS 5.5
CVE-2025-9333
MEDIUM
Smart Docs <= 1.1.1 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 5.5
CVE-2025-9332
MEDIUM
WordPress Interactive Human Anatomy <2.6 - XSS
CVSS 5.5
CVE-2025-9206
MEDIUM
Meks Easy Maps <= 2.1.4 - Authenticated Stored Cross-Site Scripting via Post Title Field
CVSS 6.4
CVE-2025-9204
MEDIUM
X Addons for Elementor <1.0.14 - XSS
CVSS 6.4
CVE-2025-9130
MEDIUM
Unify < 3.4.7 - Authenticated Stored Cross-Site Scripting via unify_checkout Shortcode
CVSS 6.4
CVE-2025-9129
MEDIUM
Flexi - Guest Submit <= 4.28 - Authenticated Stored Cross-Site Scripting via flexi-form-tag Shortcode
CVSS 6.4
CVE-2025-9080
MEDIUM
Generic Elements < 1.2.8 - Authenticated Stored Cross-Site Scripting via Widget Fields
CVSS 6.4
Details
Vulnerabilities
45,122
Exploit Likelihood
High