CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,122 vulnerabilities with CWE-79
CVE-2025-9077 MEDIUM
Ultra Addons Lite for Elementor <1.1.9 - XSS
CVSS 6.4
CVE-2025-9045 MEDIUM
Easy Elementor Addons <= 2.2.9 - Authenticated Stored Cross-Site Scripting via Widget Parameters
CVSS 6.4
CVE-2025-8776 MEDIUM
Epic Bootstrap Buttons <= 1.0 - Authenticated Stored Cross-Site Scripting via icol Parameter
CVSS 6.4
CVE-2025-10192 MEDIUM
WP Photo Effects <= 1.2.4 - Authenticated Stored Cross-Site Scripting via wppe_effect Shortcode
CVSS 6.4
CVE-2025-10165 MEDIUM
AP Background <= 3.8.2 - Authenticated Stored Cross-Site Scripting via adv_parallax_back Shortcode
CVSS 6.4
CVE-2025-10053 MEDIUM
TableGen - Data Table Generator <= 1.3.1 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-0876 MEDIUM
IT's Workif <= 20251003 - Cross-Site Scripting
CVSS 4.1
CVE-2025-61599 MEDIUM
emlog < 2.5.21 - Authenticated Stored Cross-Site Scripting in Twitter Feature
CVSS 5.4
CVE-2025-61597 HIGH
emlog < 2.5.22 - Stored Cross-Site Scripting via Mail Template Settings
CVSS 7.6
CVE-2025-54089 LOW
Absolute Secure Access < 14.10 - Authenticated Stored Cross-Site Scripting
CVSS 3.4
CVE-2025-56154 MEDIUM
htmly 3.0.8 - Cross-Site Scripting via Author Name Parameter
CVSS 6.1
CVE-2025-61087 MEDIUM
SourceCodester Pet Grooming Mgmt <1.0 - XSS
CVSS 6.1
CVE-2025-60782 MEDIUM
PHP Education Manager 1.0 - Stored Cross-Site Scripting in Topics Management Module
CVSS 5.4
CVE-2025-59774 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_VON.ASP Parameters
CVSS 6.1
CVE-2025-59773 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_TP.ASP Parameters
CVSS 6.1
CVE-2025-59772 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_SIL.ASP Parameters
CVSS 6.1
CVE-2025-59771 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_MRK.ASP Parameters
CVSS 6.1
CVE-2025-59770 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_MON.ASP Parameters
CVSS 6.1
CVE-2025-59769 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_MOL.ASP Parameters
CVSS 6.1
CVE-2025-59768 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_MNG.ASP Parameters
CVSS 6.1
CVE-2025-59767 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_LVE.ASP Parameters
CVSS 6.1
CVE-2025-59766 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_LT.ASP Parameters
CVSS 6.1
CVE-2025-59765 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_LF.ASP Parameters
CVSS 6.1
CVE-2025-59764 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_FCC.ASP Parameters
CVSS 6.1
CVE-2025-59763 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_EK.ASP Parameters
CVSS 6.1
Details
Vulnerabilities 45,122
Exploit Likelihood High