CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,137 vulnerabilities with CWE-79
CVE-2025-9922
MEDIUM
Campcodes Sales and Inventory System 1.0 - Cross-Site Scripting via Page Parameter
CVSS 4.3
CVE-2025-9921
LOW
code-projects POS Pharmacy System 1.0 - Cross-Site Scripting via product_code/gen_name/product_name/supplier Parameters
CVSS 2.4
CVE-2025-56761
MEDIUM
memos 0.22 - Authenticated Stored Cross-Site Scripting via Uploaded Attachment or Avatar
CVSS 5.4
CVE-2025-55944
MEDIUM
Slink v1.4.9 - Stored Cross-Site Scripting via SVG Upload
CVSS 6.1
CVE-2025-9823
MEDIUM
Mautic 4.4.0-4.4.16, 5.0.0-alpha-5.2.7, 6.0.0-alpha-6.0.4 - Reflected Cross-Site Scripting via Tags Input Field
CVE-2025-58640
MEDIUM
MatrixAddons Document Engine <1.2 - XSS
CVSS 6.5
CVE-2025-58633
MEDIUM
Deetronix Booking Ultra Pro <1.1.21 - XSS
CVSS 6.5
CVE-2025-58632
MEDIUM
Dadevarzan WordPress Common <2.2.2 - XSS
CVSS 6.5
CVE-2025-58631
MEDIUM
IssueM <= 2.9.0 - DOM-Based Cross-Site Scripting
CVSS 5.9
CVE-2025-58630
MEDIUM
rbaer Simple Matomo Tracking Code <1.1.0 - XSS
CVSS 5.9
CVE-2025-58626
MEDIUM
RumbleTalk Live Group Chat <6.3.5 - XSS
CVSS 6.5
CVE-2025-58625
MEDIUM
Spiffy Plugins WP Flow Plus <5.2.5 - XSS
CVSS 5.9
CVE-2025-58624
MEDIUM
Falselight Exchange Rates <1.2.5 - XSS
CVSS 6.5
CVE-2025-58623
MEDIUM
Bohemia Plugins Event Feed <1.3.2 - XSS
CVSS 6.5
CVE-2025-58621
MEDIUM
Amuse Labs PuzzleMe for WordPress <1.2.0 - XSS
CVSS 6.5
CVE-2025-58620
MEDIUM
add-ons.org PDF for WPForms <6.2.1 - XSS
CVSS 6.5
CVE-2025-58618
MEDIUM
Pie Calendar <= 1.2.8 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-58614
MEDIUM
Tooltipy <= 5.5.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58612
MEDIUM
PropertyHive <= 2.1.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58610
MEDIUM
WP Chill Gallery PhotoBlocks <1.3.1 - XSS
CVSS 6.5
CVE-2025-58609
MEDIUM
Iulia Cazan Latest Post Shortcode <14.0.3 - XSS
CVSS 6.5
CVE-2025-58607
MEDIUM
Cookie Notice & Consent Banner - XSS
CVSS 6.5
CVE-2025-58605
MEDIUM
WP Delicious <= 1.8.7 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58602
MEDIUM
If-So Dynamic Content Personalization <= 1.9.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58596
MEDIUM
MailOptin <= 1.2.75.0 - Stored Cross-Site Scripting
CVSS 5.9
Details
Vulnerabilities
45,137
Exploit Likelihood
High