CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,133 vulnerabilities with CWE-79
CVE-2025-55996
MEDIUM
Viber < 25.6.0 - HTML Injection via Message Compose/Forward Text Parameter
CVSS 6.3
CVE-2025-8280
MEDIUM
Contact Form 7 reCAPTCHA < 1.2.0 - Reflected Cross-Site Scripting via REQUEST_URI Parameter
CVSS 5.8
CVE-2025-9879
MEDIUM
Spotify Embed Creator <= 1.0.5 - Authenticated Stored Cross-Site Scripting via Spotify Shortcode
CVSS 6.4
CVE-2025-9877
MEDIUM
Embed Google Datastudio plugin < 1.0.0 - XSS
CVSS 6.4
CVE-2025-10274
MEDIUM
10oa 1.0 - Cross-Site Scripting via Name Parameter in /trial/mvc/item
CVSS 4.3
CVE-2025-10272
MEDIUM
10oa 1.0 - Cross-Site Scripting via Name Parameter in /trial/mvc/catalogue
CVSS 4.3
CVE-2025-10271
MEDIUM
10oa 1.0 - Cross-Site Scripting via Name Parameter
CVSS 4.3
CVE-2025-10255
LOW
OnlyOffice < 12.7.0 - Cross-Site Scripting in Comment Handler
CVSS 3.5
CVE-2025-10254
LOW
OnlyOffice < 12.7.0 - Cross-Site Scripting via SVG Image Handler in Messages.aspx
CVSS 3.5
CVE-2025-10253
LOW
openDCIM 23.04 - Cross-Site Scripting via SVG File Handler in uploadifive.php
CVSS 3.5
CVE-2025-40696
MEDIUM
Online Fire Reporting System 1.2 - Stored XSS via fullname, location, and message
CVSS 5.4
CVE-2025-40695
MEDIUM
Online Fire Reporting System 1.2 - Authenticated Stored Cross-Site Scripting via remark status takeaction Parameters
CVSS 5.4
CVE-2025-40694
MEDIUM
Online Fire Reporting System 1.2 - Authenticated Stored Cross-Site Scripting via fromdate and todate Parameters
CVSS 5.4
CVE-2025-40693
MEDIUM
Online Fire Reporting System 1.2 - Authenticated Stored Cross-Site Scripting via tname Parameter
CVSS 5.4
CVE-2025-9861
MEDIUM
ThemeLoom Widgets <= 1.8.5 - Authenticated Stored Cross-Site Scripting via los_showposts Shortcode
CVSS 6.4
CVE-2025-9860
MEDIUM
Mixtape < 1.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-9855
MEDIUM
Enhanced BibliPlug <= 1.3.8 - Authenticated Stored Cross-Site Scripting via bibliplug_authors Shortcode
CVSS 6.4
CVE-2025-9850
MEDIUM
Evenium <= 1.3.11 - Authenticated Stored Cross-Site Scripting via evenium_single_event Shortcode
CVSS 6.4
CVE-2025-9128
MEDIUM
eID Easy <= 4.9.3 - Authenticated Stored Cross-Site Scripting via ID Parameter
CVSS 6.4
CVE-2025-9123
MEDIUM
CBX Map for Google Map & OpenStreetMap <= 2.0.1 - Authenticated Stored XSS via Popup Parameters
CVSS 6.4
CVE-2025-8721
MEDIUM
Workable Api <= 1.0.4 - Authenticated Stored Cross-Site Scripting via workable_jobs Shortcode
CVSS 6.4
CVE-2025-8691
MEDIUM
WP Scriptcase <= 2.0.0 - Authenticated Stored Cross-Site Scripting via URL Parameter
CVSS 6.4
CVE-2025-8689
MEDIUM
Elements Plus! <= 2.16.4 - Authenticated Stored XSS via Widgets
CVSS 6.4
CVE-2025-8686
MEDIUM
WP Easy FAQs <= 1.0.5 - Authenticated Stored Cross-Site Scripting via WP_EASY_FAQ Shortcode
CVSS 6.4
CVE-2025-8445
MEDIUM
Countdown Timer for Elementor <= 1.3.9 - Authenticated Stored Cross-Site Scripting via countdown_label Parameter
CVSS 6.4