CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,137 vulnerabilities with CWE-79
CVE-2025-10088
LOW
SourceCodester Time Tracker 1.0 - Cross-Site Scripting via Project-Name Parameter
CVSS 3.5
CVE-2025-10075
LOW
SourceCodester Online Polling System 1.0 - Cross-Site Scripting via Firstname Parameter in manage-profile.php
CVSS 3.5
CVE-2025-10074
LOW
Portabilis i-educar < 2.10.0 - Stored Cross-Site Scripting via Tipos de Usurio/Descrio Parameters
CVSS 3.5
CVE-2025-10067
MEDIUM
POS Point of Sale System 1.0 - Cross-Site Scripting via scripts Parameter
CVSS 4.3
CVE-2025-10066
MEDIUM
POS Point of Sale System 1.0 - Cross-Site Scripting in Dynamic Table Template
CVSS 4.3
CVE-2025-10065
MEDIUM
POS Point of Sale System 1.0 - Cross-Site Scripting via scripts Parameter
CVSS 4.3
CVE-2025-10064
MEDIUM
itsourcecode POS Point of Sale System 1.0 - Cross-Site Scripting via scripts Parameter
CVSS 4.3
CVE-2025-10063
MEDIUM
POS Point of Sale System 1.0 - Cross-Site Scripting via scripts Parameter
CVSS 4.3
CVE-2025-10032
MEDIUM
Campcodes Grocery Sales and Inventory System 1.0 - Cross-Site Scripting via Page Parameter
CVSS 4.3
CVE-2025-10029
LOW
itsourcecode POS Point of Sale System 1.0 - Cross-Site Scripting via scripts Parameter
CVSS 3.5
CVE-2025-10028
LOW
POS Point of Sale System 1.0 - Cross-Site Scripting via scripts Parameter
CVSS 3.5
CVE-2025-6757
MEDIUM
Recent Posts Widget Extended <2.0.2 - XSS
CVSS 6.4
CVE-2025-9493
MEDIUM
Admin Menu Editor <= 1.14 - Authenticated Stored Cross-Site Scripting via Placeholder Parameter
CVSS 6.4
CVE-2025-9442
MEDIUM
StreamWeasels Kick Integration <1.1.5 - XSS
CVSS 6.4
CVE-2025-9126
MEDIUM
Smart Table Builder <= 1.0.1 - Authenticated Stored Cross-Site Scripting via ID Parameter
CVSS 6.4
CVE-2025-8722
MEDIUM
Content Views - Post Grid & Filter < 4.1 - Authenticated Stored Cross-Site Scripting via Grid and List Widgets
CVSS 6.4
CVE-2025-8564
MEDIUM
SKT Addons for Elementor <3.7 - XSS
CVSS 6.4
CVE-2025-8149
MEDIUM
aThemes Addons for Elementor <1.1.2 - XSS
CVSS 6.4
CVE-2025-9853
MEDIUM
Optio Dentistry <= 2.2 - Authenticated Stored Cross-Site Scripting via optio-lightbox Shortcode
CVSS 6.4
CVE-2025-8360
MEDIUM
LA-Studio Element Kit for Elementor < 1.5.5.1 - Authenticated Stored Cross-Site Scripting via Widget Attributes
CVSS 6.4
CVE-2025-9849
MEDIUM
Html Social share buttons plugin <2.1.16 - XSS
CVSS 6.4
CVE-2025-6067
MEDIUM
Easy Social Feed < 6.6.7 - Authenticated Stored Cross-Site Scripting via data-caption and data-linktext Parameters
CVSS 6.4
CVE-2025-10027
LOW
POS Point of Sale System 1.0 - Cross-Site Scripting via Scripts Argument
CVSS 3.5
CVE-2025-10044
MEDIUM
Keycloak < 26.2.9 - Phishing via Unsanitized Error Description Parameter
CVSS 4.3
CVE-2025-10026
LOW
POS Point of Sale System 1.0 - Cross-Site Scripting via scripts Parameter
CVSS 3.5
Details
Vulnerabilities
45,137
Exploit Likelihood
High