CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,122 vulnerabilities with CWE-79
CVE-2025-8560
MEDIUM
FancyTabs <= 1.1.0 - Authenticated Stored Cross-Site Scripting via Title Parameter
CVSS 6.4
CVE-2025-8214
MEDIUM
The Pack Elementor addon plugin <2.1.5 - XSS
CVSS 6.4
CVE-2025-8116
MEDIUM
widzialni pad_cms < 1.2.1 - Reflected Cross-Site Scripting in Print and PDF Save Functionality
CVSS 6.1
CVE-2025-6941
MEDIUM
LatePoint - Calendar Booking Plugin <5.1.94 - XSS
CVSS 6.4
CVE-2025-6815
MEDIUM
LatePoint - Calendar Booking Plugin <5.1.94 - XSS
CVSS 5.5
CVE-2025-10196
MEDIUM
Survey Anyplace < 1.0.0 - Authenticated Stored Cross-Site Scripting via surveyanyplace_embed Shortcode
CVSS 6.4
CVE-2025-10191
MEDIUM
Big Post Shipping for WooCommerce <2.1.1 - XSS
CVSS 6.4
CVE-2025-10189
MEDIUM
BP Direct Menus <= 1.0.0 - Authenticated Stored Cross-Site Scripting via 'bpdm_login' Shortcode
CVSS 6.4
CVE-2025-10182
MEDIUM
dbview <= 0.5.5 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-10179
MEDIUM
My AskAI <= 1.0.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-10168
MEDIUM
Any News Ticker plugin - WordPress <3.1.1 - XSS
CVSS 6.4
CVE-2025-10131
MEDIUM
All Social Share Options <1.0 - XSS
CVSS 6.4
CVE-2025-10130
MEDIUM
Layers <= 0.5 - Authenticated Stored Cross-Site Scripting via Webcam Shortcode
CVSS 6.4
CVE-2025-59948
MEDIUM
FreshRSS < 1.27.0 - Authenticated Cross-Site Scripting via Feed Event Handler Attributes
CVSS 6.7
CVE-2025-43817
MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.8 & 7.4.3.74-7.4.3.111 - Reflected XSS via Redirect
CVSS 6.1
CVE-2025-43812
MEDIUM
Liferay Digital Experience Platform < 2023.q3.9 - XSS
CVSS 5.4
CVE-2025-57769
MEDIUM
FreshRSS < 1.27.0 - Cross-Site Scripting and Privilege Escalation via Iframe UI Obscuring
CVSS 6.1
CVE-2025-43820
MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.6 - XSS via Calendar Widget User Invitation
CVSS 5.4
CVE-2025-43818
MEDIUM
Liferay Digital Experience Platform 2023.Q3.1-2023.Q3.6 - Cross-Site Scripting in Calendar Widget Name Field
CVSS 6.1
CVE-2025-43815
MEDIUM
Liferay Portal 7.4.3.102-7.4.3.110 & DXP 2023.Q4.0-2023.Q4.2 - XSS via backURLTitle
CVSS 6.1
CVE-2025-43811
MEDIUM
Liferay DXP 2023.Q3.1-Q3.7 Authenticated Stored XSS via Asset Author Name
CVSS 5.4
CVE-2025-35034
MEDIUM
Medical Informatics Engineering Enterprise Health - Reflected Cross-Site Scripting via portlet_user_id Parameter
CVSS 4.3
CVE-2025-57877
MEDIUM
Esri Portal for ArcGIS <= 11.4 - Authenticated Reflected Cross-Site Scripting
CVSS 4.8
CVE-2025-57876
MEDIUM
Esri Portal for ArcGIS <= 11.4 - Authenticated Stored Cross-Site Scripting via File Upload
CVSS 4.8
CVE-2025-57875
MEDIUM
Esri Portal for ArcGIS 11.4 and below - Authenticated Reflected Cross-Site Scripting
CVSS 4.8