CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,137 vulnerabilities with CWE-79
CVE-2025-10088 LOW
SourceCodester Time Tracker 1.0 - Cross-Site Scripting via Project-Name Parameter
CVSS 3.5
CVE-2025-10075 LOW
SourceCodester Online Polling System 1.0 - Cross-Site Scripting via Firstname Parameter in manage-profile.php
CVSS 3.5
CVE-2025-10074 LOW
Portabilis i-educar < 2.10.0 - Stored Cross-Site Scripting via Tipos de Usuário/Descrição Parameters
CVSS 3.5
CVE-2025-10067 MEDIUM
POS Point of Sale System 1.0 - Cross-Site Scripting via scripts Parameter
CVSS 4.3
CVE-2025-10066 MEDIUM
POS Point of Sale System 1.0 - Cross-Site Scripting in Dynamic Table Template
CVSS 4.3
CVE-2025-10065 MEDIUM
POS Point of Sale System 1.0 - Cross-Site Scripting via scripts Parameter
CVSS 4.3
CVE-2025-10064 MEDIUM
itsourcecode POS Point of Sale System 1.0 - Cross-Site Scripting via scripts Parameter
CVSS 4.3
CVE-2025-10063 MEDIUM
POS Point of Sale System 1.0 - Cross-Site Scripting via scripts Parameter
CVSS 4.3
CVE-2025-10032 MEDIUM
Campcodes Grocery Sales and Inventory System 1.0 - Cross-Site Scripting via Page Parameter
CVSS 4.3
CVE-2025-10029 LOW
itsourcecode POS Point of Sale System 1.0 - Cross-Site Scripting via scripts Parameter
CVSS 3.5
CVE-2025-10028 LOW
POS Point of Sale System 1.0 - Cross-Site Scripting via scripts Parameter
CVSS 3.5
CVE-2025-6757 MEDIUM
Recent Posts Widget Extended <2.0.2 - XSS
CVSS 6.4
CVE-2025-9493 MEDIUM
Admin Menu Editor <= 1.14 - Authenticated Stored Cross-Site Scripting via Placeholder Parameter
CVSS 6.4
CVE-2025-9442 MEDIUM
StreamWeasels Kick Integration <1.1.5 - XSS
CVSS 6.4
CVE-2025-9126 MEDIUM
Smart Table Builder <= 1.0.1 - Authenticated Stored Cross-Site Scripting via ID Parameter
CVSS 6.4
CVE-2025-8722 MEDIUM
Content Views - Post Grid & Filter < 4.1 - Authenticated Stored Cross-Site Scripting via Grid and List Widgets
CVSS 6.4
CVE-2025-8564 MEDIUM
SKT Addons for Elementor <3.7 - XSS
CVSS 6.4
CVE-2025-8149 MEDIUM
aThemes Addons for Elementor <1.1.2 - XSS
CVSS 6.4
CVE-2025-9853 MEDIUM
Optio Dentistry <= 2.2 - Authenticated Stored Cross-Site Scripting via optio-lightbox Shortcode
CVSS 6.4
CVE-2025-8360 MEDIUM
LA-Studio Element Kit for Elementor < 1.5.5.1 - Authenticated Stored Cross-Site Scripting via Widget Attributes
CVSS 6.4
CVE-2025-9849 MEDIUM
Html Social share buttons plugin <2.1.16 - XSS
CVSS 6.4
CVE-2025-6067 MEDIUM
Easy Social Feed < 6.6.7 - Authenticated Stored Cross-Site Scripting via data-caption and data-linktext Parameters
CVSS 6.4
CVE-2025-10027 LOW
POS Point of Sale System 1.0 - Cross-Site Scripting via Scripts Argument
CVSS 3.5
CVE-2025-10044 MEDIUM
Keycloak < 26.2.9 - Phishing via Unsanitized Error Description Parameter
CVSS 4.3
CVE-2025-10026 LOW
POS Point of Sale System 1.0 - Cross-Site Scripting via scripts Parameter
CVSS 3.5
Details
Vulnerabilities 45,137
Exploit Likelihood High