CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,137 vulnerabilities with CWE-79
CVE-2025-48312
MEDIUM
WPAvatar <= 1.9.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48305
MEDIUM
Goal Tracker for Patreon <= 0.4.6 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-48110
MEDIUM
Link View <= 0.8.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-55175
MEDIUM
QuickCMS - Reflected Cross-Site Scripting via sLangEdit Parameter
CVSS 6.1
CVE-2025-54544
MEDIUM
QuickCMS - Authenticated Stored Cross-Site Scripting via aDirFilesDescriptions Parameter
CVSS 4.8
CVE-2025-54543
MEDIUM
QuickCMS 6.8 - Authenticated Stored Cross-Site Scripting via sDescriptionMeta Parameter
CVSS 4.8
CVE-2025-54540
MEDIUM
QuickCMS - Reflected Cross-Site Scripting via sSort Parameter
CVSS 6.1
CVE-2025-8073
MEDIUM
Dynamic AJAX Product Filters for WooCommerce <= 1.3.7 - Authenticated Stored Cross-Site Scripting via Name Parameter
CVSS 6.4
CVE-2025-6255
MEDIUM
Dynamic AJAX Product Filters for WooCommerce <= 1.3.7 - Stored XSS via className
CVSS 6.4
CVE-2025-9346
MEDIUM
Booking Calendar <= 10.14.1 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 6.4
CVE-2025-8603
MEDIUM
Unlimited Elements For Elementor <1.5.148 - XSS
CVSS 6.4
CVE-2025-9352
MEDIUM
Pronamic Google Maps <= 2.4.1 - Authenticated Stored Cross-Site Scripting via Description Field
CVSS 5.4
CVE-2025-9344
MEDIUM
UsersWP < 1.2.42 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-8897
MEDIUM
Beaver Builder < 2.9.2.1 - Unauthenticated Reflected Cross-Site Scripting via fl_builder Parameter
CVSS 6.1
CVE-2025-34521
MEDIUM
Arcserve UDP < 10.2 - Reflected Cross-Site Scripting
CVSS 5.4
CVE-2025-55618
HIGH
Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d - XSS
CVSS 7.3
CVE-2025-58216
MEDIUM
WP Thumbtack Review Slider <2.6 - XSS
CVSS 5.9
CVE-2025-58213
MEDIUM
ameliabooking Booking System Trafft - XSS
CVSS 6.5
CVE-2025-58212
MEDIUM
Epeken All Kurir <= 2.0.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-58211
MEDIUM
alexvtn Chatbox Manager <1.2.6 - XSS
CVSS 6.5
CVE-2025-58209
MEDIUM
rtCamp Transcoder <= 1.4.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58208
MEDIUM
Elementor Forms + Drag And Drop Template Builder <6.2.0 - XSS
CVSS 6.5
CVE-2025-58205
MEDIUM
Element Invader Elementor <1.3.6 - XSS
CVSS 6.5
CVE-2025-58197
MEDIUM
mra13/Team Tips and Tricks HQ Simple Download Monitor <3.9.34 - XSS
CVSS 6.5
CVE-2025-58196
MEDIUM
UiCore Elements <= 1.3.4 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities
45,137
Exploit Likelihood
High