CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,142 vulnerabilities with CWE-79
CVE-2025-8391 MEDIUM
Magic Edge - Lite <= 1.1.6 - Authenticated Stored Cross-Site Scripting via Height Parameter
CVSS 6.4
CVE-2025-6832 MEDIUM
WordPress All in One Time Clock Lite - XSS
CVSS 6.1
CVE-2025-8317 MEDIUM
Custom Word Cloud <= 0.3 - Authenticated Stored Cross-Site Scripting via Angle Parameter
CVSS 6.4
CVE-2025-8212 MEDIUM
Medical Addon for Elementor <1.6.3 - XSS
CVSS 6.4
CVE-2025-6626 MEDIUM
ShortPixel Adaptive Images - WordPress <3.10.3 - XSS
CVSS 4.4
CVE-2025-4588 MEDIUM
360 Photo Spheres <= 1.3 - Authenticated Stored Cross-Site Scripting via Sphere Shortcode
CVSS 6.4
CVE-2025-8146 MEDIUM
Qi Addons For Elementor <1.9.2 - XSS
CVSS 6.4
CVE-2025-50869 MEDIUM
Institute-of-Current-Students 1.0 - XSS
CVSS 6.1
CVE-2025-33118 MEDIUM
IBM QRadar SIEM 7.5-7.5.0 Update Pack 12 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2025-51504 HIGH
Microweber CMS 2.0 - Stored Cross-Site Scripting via Last Name Field
CVSS 7.6
CVE-2025-51502 MEDIUM
Microweber 2.0 - Authenticated Reflected Cross-Site Scripting via Layout Parameter
CVSS 6.1
CVE-2025-51501 MEDIUM
Microweber >= 2.0.0 - Reflected Cross-Site Scripting via id Parameter in live_edit.module_settings
CVSS 6.1
CVE-2025-45778 MEDIUM
The Language Sloth Web Application 1.0 - Stored Cross-Site Scripting via Description Text Field
CVSS 6.1
CVE-2025-6228 MEDIUM
Sina Extension for Elementor < 3.7.0 - Authenticated Stored XSS via Widgets
CVSS 6.4
CVE-2025-4684 MEDIUM
BlockSpare <= 3.2.13.1 - Authenticated Stored XSS via Image Carousel/Slider Widget
CVSS 6.4
CVE-2025-7646 MEDIUM
The Plus Addons for Elementor - WooCommerce plugin for WordPress <6...
CVSS 6.4
CVE-2025-5921 MEDIUM
SureForms < 1.7.2 - Reflected Cross-Site Scripting via Unsanitized Parameter
CVSS 5.8
CVE-2025-7845 MEDIUM
Stratum - Elementor Widgets <1.6.0 - XSS
CVSS 6.4
CVE-2025-7725 HIGH
WordPress OpenAI plugin <26.1.0 - XSS
CVSS 7.2
CVE-2025-37109 LOW
HPE Telco Service Activator >=10.3.0 <10.3.2 - Cross-Site Scripting
CVSS 3.5
CVE-2025-37108 LOW
HPE Telco Service Activator >=10.3.0 <10.3.2 - Cross-Site Scripting
CVSS 3.5
CVE-2025-26064 HIGH
Intelbras RX 1500 and RX 3000 Firmware - Stored Cross-Site Scripting via Connected Device Name
CVSS 7.3
CVE-2025-51503 HIGH
Microweber 2.0 - Stored Cross-Site Scripting in User Profile Fields
CVSS 7.6
CVE-2025-50866 MEDIUM
CloudClassroom-PHP-Project 1.0 - XSS
CVSS 6.1
CVE-2025-52203 HIGH
DevaslanPHP project-management 1.2.4 - Authenticated Stored Cross-Site Scripting in Ticket Name Field
CVSS 7.6