CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,133 vulnerabilities with CWE-79
CVE-2025-8398
MEDIUM
Azurecurve BBCode plugin <2.0.4 - XSS
CVSS 6.4
CVE-2025-8392
MEDIUM
Mitfahrgelegenheit <= 1.1.5 - Authenticated Stored Cross-Site Scripting via Date Parameter
CVSS 6.4
CVE-2025-8318
MEDIUM
Jobify <= 1.4.4 - Authenticated Stored Cross-Site Scripting via Keyword Parameter
CVSS 6.4
CVE-2025-8316
MEDIUM
Certifica WP <= 3.1 - Authenticated Stored Cross-Site Scripting via Evento Parameter
CVSS 6.4
CVE-2025-8215
MEDIUM
Responsive Addons for Elementor <1.7.4 - XSS
CVSS 6.4
CVE-2025-5801
MEDIUM
Digital Events Calendar <1.0.8 - XSS
CVSS 6.4
CVE-2025-9910
MEDIUM
jsondiffpatch < 0.7.2 - Cross-Site Scripting via HtmlFormatter::nodeBegin
CVSS 4.7
CVE-2025-10246
LOW
lo Gibhardwaj PHP-Code-For-Unlimited-File-Upload <124fe96324915490c...
CVSS 3.5
CVE-2025-10235
LOW
Scada-LTS < 2.7.8.1 - Stored Cross-Site Scripting in Reports Module Colour Parameter
CVSS 2.4
CVE-2025-10234
LOW
Scada-LTS < 2.7.8.1 - Stored Cross-Site Scripting in Data Point Edit Module
CVSS 2.4
CVE-2025-43783
MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.12 - Reflected XSS via /c/portal/comment/discussion/get_editor
CVSS 6.1
CVE-2025-57520
MEDIUM
Decap CMS < 3.8.3 - Stored Cross-Site Scripting in Content Preview Pane
CVSS 6.1
CVE-2025-43785
MEDIUM
Liferay Digital Experience Platform 2024.Q1.1-2024.Q1.12 - Stored Cross-Site Scripting in My Workflow Tasks Page
CVSS 6.1
CVE-2025-8681
MEDIUM
Pega Platform 7.1.0-23.1.5 - Authenticated Stored Cross-Site Scripting in User Interface Component
CVSS 5.5
CVE-2025-59035
MEDIUM
Indico < 3.3.8 - Cross-Site Scripting in LaTeX Math Renderer
CVSS 4.6
CVE-2025-40725
MEDIUM
Azon Dominator PHP script - Reflected Cross-Site Scripting via Search q Parameter
CVE-2025-9857
MEDIUM
Heateor Login - Social Login Plugin <1.1.9 - XSS
CVSS 6.4
CVE-2025-9367
MEDIUM
Welcart e-Commerce <= 2.11.20 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 5.5
CVE-2025-10126
MEDIUM
MyBrain Utilities <= 1.0.8 - Authenticated Stored Cross-Site Scripting via mbumap Shortcode
CVSS 6.4
CVE-2025-8388
MEDIUM
PowerPack Elementor Addons <2.9.4 - XSS
CVSS 6.4
CVE-2025-49461
MEDIUM
Zoom Workplace Clients < 6.5.0 - Unauthenticated Cross-Site Scripting and Denial of Service
CVSS 4.3
CVE-2025-7746
MEDIUM
Schneider Electric Altivar Process Drives - Cross-Site Scripting
CVE-2025-58768
CRITICAL
DeepChat <0.3.5 - Command Injection
CVSS 9.6
CVE-2025-58765
HIGH
wabac.js < 2.23.11 - Reflected Cross-Site Scripting via 404 Error Handler
CVSS 7.1
CVE-2025-44595
MEDIUM
halo < 2.20.17 - Cross-Site Scripting in Archives Endpoint
CVSS 6.1
Details
Vulnerabilities
45,133
Exploit Likelihood
High