CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,122 vulnerabilities with CWE-79
CVE-2025-9077
MEDIUM
Ultra Addons Lite for Elementor <1.1.9 - XSS
CVSS 6.4
CVE-2025-9045
MEDIUM
Easy Elementor Addons <= 2.2.9 - Authenticated Stored Cross-Site Scripting via Widget Parameters
CVSS 6.4
CVE-2025-8776
MEDIUM
Epic Bootstrap Buttons <= 1.0 - Authenticated Stored Cross-Site Scripting via icol Parameter
CVSS 6.4
CVE-2025-10192
MEDIUM
WP Photo Effects <= 1.2.4 - Authenticated Stored Cross-Site Scripting via wppe_effect Shortcode
CVSS 6.4
CVE-2025-10165
MEDIUM
AP Background <= 3.8.2 - Authenticated Stored Cross-Site Scripting via adv_parallax_back Shortcode
CVSS 6.4
CVE-2025-10053
MEDIUM
TableGen - Data Table Generator <= 1.3.1 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-0876
MEDIUM
IT's Workif <= 20251003 - Cross-Site Scripting
CVSS 4.1
CVE-2025-61599
MEDIUM
emlog < 2.5.21 - Authenticated Stored Cross-Site Scripting in Twitter Feature
CVSS 5.4
CVE-2025-61597
HIGH
emlog < 2.5.22 - Stored Cross-Site Scripting via Mail Template Settings
CVSS 7.6
CVE-2025-54089
LOW
Absolute Secure Access < 14.10 - Authenticated Stored Cross-Site Scripting
CVSS 3.4
CVE-2025-56154
MEDIUM
htmly 3.0.8 - Cross-Site Scripting via Author Name Parameter
CVSS 6.1
CVE-2025-61087
MEDIUM
SourceCodester Pet Grooming Mgmt <1.0 - XSS
CVSS 6.1
CVE-2025-60782
MEDIUM
PHP Education Manager 1.0 - Stored Cross-Site Scripting in Topics Management Module
CVSS 5.4
CVE-2025-59774
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_VON.ASP Parameters
CVSS 6.1
CVE-2025-59773
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_TP.ASP Parameters
CVSS 6.1
CVE-2025-59772
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_SIL.ASP Parameters
CVSS 6.1
CVE-2025-59771
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_MRK.ASP Parameters
CVSS 6.1
CVE-2025-59770
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_MON.ASP Parameters
CVSS 6.1
CVE-2025-59769
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_MOL.ASP Parameters
CVSS 6.1
CVE-2025-59768
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_MNG.ASP Parameters
CVSS 6.1
CVE-2025-59767
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_LVE.ASP Parameters
CVSS 6.1
CVE-2025-59766
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_LT.ASP Parameters
CVSS 6.1
CVE-2025-59765
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_LF.ASP Parameters
CVSS 6.1
CVE-2025-59764
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_FCC.ASP Parameters
CVSS 6.1
CVE-2025-59763
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_EK.ASP Parameters
CVSS 6.1
Details
Vulnerabilities
45,122
Exploit Likelihood
High