CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,142 vulnerabilities with CWE-79
CVE-2025-8391
MEDIUM
Magic Edge - Lite <= 1.1.6 - Authenticated Stored Cross-Site Scripting via Height Parameter
CVSS 6.4
CVE-2025-6832
MEDIUM
WordPress All in One Time Clock Lite - XSS
CVSS 6.1
CVE-2025-8317
MEDIUM
Custom Word Cloud <= 0.3 - Authenticated Stored Cross-Site Scripting via Angle Parameter
CVSS 6.4
CVE-2025-8212
MEDIUM
Medical Addon for Elementor <1.6.3 - XSS
CVSS 6.4
CVE-2025-6626
MEDIUM
ShortPixel Adaptive Images - WordPress <3.10.3 - XSS
CVSS 4.4
CVE-2025-4588
MEDIUM
360 Photo Spheres <= 1.3 - Authenticated Stored Cross-Site Scripting via Sphere Shortcode
CVSS 6.4
CVE-2025-8146
MEDIUM
Qi Addons For Elementor <1.9.2 - XSS
CVSS 6.4
CVE-2025-50869
MEDIUM
Institute-of-Current-Students 1.0 - XSS
CVSS 6.1
CVE-2025-33118
MEDIUM
IBM QRadar SIEM 7.5-7.5.0 Update Pack 12 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2025-51504
HIGH
Microweber CMS 2.0 - Stored Cross-Site Scripting via Last Name Field
CVSS 7.6
CVE-2025-51502
MEDIUM
Microweber 2.0 - Authenticated Reflected Cross-Site Scripting via Layout Parameter
CVSS 6.1
CVE-2025-51501
MEDIUM
Microweber >= 2.0.0 - Reflected Cross-Site Scripting via id Parameter in live_edit.module_settings
CVSS 6.1
CVE-2025-45778
MEDIUM
The Language Sloth Web Application 1.0 - Stored Cross-Site Scripting via Description Text Field
CVSS 6.1
CVE-2025-6228
MEDIUM
Sina Extension for Elementor < 3.7.0 - Authenticated Stored XSS via Widgets
CVSS 6.4
CVE-2025-4684
MEDIUM
BlockSpare <= 3.2.13.1 - Authenticated Stored XSS via Image Carousel/Slider Widget
CVSS 6.4
CVE-2025-7646
MEDIUM
The Plus Addons for Elementor - WooCommerce plugin for WordPress <6...
CVSS 6.4
CVE-2025-5921
MEDIUM
SureForms < 1.7.2 - Reflected Cross-Site Scripting via Unsanitized Parameter
CVSS 5.8
CVE-2025-7845
MEDIUM
Stratum - Elementor Widgets <1.6.0 - XSS
CVSS 6.4
CVE-2025-7725
HIGH
WordPress OpenAI plugin <26.1.0 - XSS
CVSS 7.2
CVE-2025-37109
LOW
HPE Telco Service Activator >=10.3.0 <10.3.2 - Cross-Site Scripting
CVSS 3.5
CVE-2025-37108
LOW
HPE Telco Service Activator >=10.3.0 <10.3.2 - Cross-Site Scripting
CVSS 3.5
CVE-2025-26064
HIGH
Intelbras RX 1500 and RX 3000 Firmware - Stored Cross-Site Scripting via Connected Device Name
CVSS 7.3
CVE-2025-51503
HIGH
Microweber 2.0 - Stored Cross-Site Scripting in User Profile Fields
CVSS 7.6
CVE-2025-50866
MEDIUM
CloudClassroom-PHP-Project 1.0 - XSS
CVSS 6.1
CVE-2025-52203
HIGH
DevaslanPHP project-management 1.2.4 - Authenticated Stored Cross-Site Scripting in Ticket Name Field
CVSS 7.6
Details
Vulnerabilities
45,142
Exploit Likelihood
High