CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,141 vulnerabilities with CWE-79
CVE-2025-49898
HIGH
Dropshix <= 4.0.14 - DOM-Based Cross-Site Scripting
CVSS 7.6
CVE-2025-55203
MEDIUM
Plane < 0.28.0 - Stored Cross-Site Scripting in Description HTML Field
CVSS 5.4
CVE-2025-8720
MEDIUM
WordPress Plugin README Parser <1.3.15 - XSS
CVSS 6.4
CVE-2025-8080
MEDIUM
Alobaidi Captcha <= 1.0.3 - Authenticated Stored Cross-Site Scripting via Plugin Settings
CVSS 4.4
CVE-2025-5844
MEDIUM
Radius Blocks WordPress Gutenberg Blocks <= 2.2.1 - Authenticated Stored XSS via subHeadingTagName
CVSS 6.4
CVE-2025-8604
MEDIUM
WP Table Builder - WordPress Table Plugin <= 2.0.12 - Authenticated Stored Cross-Site Scripting via wptb Shortcode
CVSS 6.4
CVE-2025-9017
MEDIUM
PHPGurukul Zoo Management System 2.1 - Cross-Site Scripting via visitorname Parameter
CVSS 4.3
CVE-2025-8451
MEDIUM
Essential Addons for Elementor - WordPress <= 6.2.2 - XSS
CVSS 6.4
CVE-2025-9003
LOW
Dlink Dir-818lw Firmware - Code Injection
CVSS 3.5
CVE-2025-8867
MEDIUM
Graphina - Elementor Charts and Graphs <3.1.3 - XSS
CVSS 6.4
CVE-2025-51965
MEDIUM
OURPHP <= 8.6.1 - Cross-Site Scripting via Complete Profile Name Field
CVSS 6.1
CVE-2025-8976
LOW
Vvveb < 1.0.6 - Cross-Site Scripting via /vadmin123/index.php Endpoint
CVSS 3.5
CVE-2025-8975
LOW
Vvveb < 1.0.6 - Cross-Site Scripting via slug Parameter in admin/template/content/edit.tpl
CVSS 3.5
CVE-2025-55714
MEDIUM
Crocoblock JetElements For Elementor <2.7.9 - XSS
CVSS 6.5
CVE-2025-55713
MEDIUM
Blocksy <= 2.1.6 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-55711
MEDIUM
WP Table Builder <= 2.0.12 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-55709
MEDIUM
Visual Composer Website Builder - XSS
CVSS 6.5
CVE-2025-54749
MEDIUM
Crocoblock JetProductGallery <2.2.0.2 - XSS
CVSS 6.5
CVE-2025-54747
MEDIUM
Templatera <= 2.3.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-54746
MEDIUM
cartpauj Shortcode Redirect <1.0.02 - XSS
CVSS 6.5
CVE-2025-54740
MEDIUM
Michael Nelson Print My Blog <3.27.9 - XSS
CVSS 6.5
CVE-2025-54729
MEDIUM
Webba Booking <= 6.0.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-54727
MEDIUM
CM On Demand Search And Replace <1.5.2 - XSS
CVSS 5.9
CVE-2025-54708
MEDIUM
B Blocks < 2.0.5 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-54054
MEDIUM
12 Step Meeting List <= 3.18.3 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities
45,141
Exploit Likelihood
High