CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,143 vulnerabilities with CWE-79
CVE-2025-8155
LOW
D-Link DCS-6010L 1.15.03 - Cross-Site Scripting via paratest Parameter in Management Application
CVSS 3.5
CVE-2025-5254
MEDIUM
Kron PAM < 3.7 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-3614
MEDIUM
ElementsKit Elementor Addons < 3.5.3 - Authenticated Stored Cross-Site Scripting via Custom Widget URL Attribute
CVSS 6.4
CVE-2025-8115
LOW
PHPGurukul Taxi Stand Management System 1.0 - Cross-Site Scripting via Registration Number or License Number Parameter
CVSS 3.5
CVE-2025-53084
CRITICAL
WWBN AVideo 14.4 and dev master - Cross-Site Scripting via VideosList Page Parameter
CVSS 9.0
CVE-2025-50128
CRITICAL
WWBN AVideo 14.4 and dev master - Stored Cross-Site Scripting via videoNotFound 404ErrorMsg Parameter
CVSS 9.6
CVE-2025-47061
MEDIUM
Adobe Experience Manager < 6.5.23.0 and < 2025.5 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-46996
MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46993
MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46410
CRITICAL
WWBN AVideo 14.4 and dev master - Cross-Site Scripting via managerPlaylists PlaylistOwnerUsersId Parameter
CVSS 9.6
CVE-2025-41420
CRITICAL
WWBN AVideo 14.4 and dev master - Cross-Site Scripting via UserLogin cancelUri Parameter
CVSS 9.6
CVE-2025-36548
HIGH
WWBN AVideo 14.4 and dev master - Cross-Site Scripting via LoginWordPress cancelUri Parameter
CVSS 8.3
CVE-2025-8071
MEDIUM
Mine CloudVod LMS < 2.1.10 - Authenticated Stored Cross-Site Scripting via Audio Parameter
CVSS 6.4
CVE-2025-7966
MEDIUM
Get Youtube Subs <= 3.5 - Authenticated Stored Cross-Site Scripting via Channel Parameter
CVSS 6.4
CVE-2025-7959
MEDIUM
Station Pro for WordPress <= 2.4.2 - Authenticated Stored XSS via Width/Height
CVSS 6.4
CVE-2025-6588
MEDIUM
FunnelCockpit <= 1.4.3 - Unauthenticated Reflected Cross-Site Scripting via Error Parameter
CVSS 6.1
CVE-2025-6539
MEDIUM
Voltax Video Player <= 1.6.5 - Authenticated Stored Cross-Site Scripting via ID Parameter
CVSS 6.4
CVE-2025-6387
MEDIUM
WP Get The Table <= 1.5 - Authenticated Stored Cross-Site Scripting via URL Parameter
CVSS 6.4
CVE-2025-6385
MEDIUM
WP Applink <= 0.4.1 - Authenticated Stored Cross-Site Scripting via Title Parameter
CVSS 6.4
CVE-2025-6382
MEDIUM
Taeggie Feed <= 0.1.10 - Authenticated Stored Cross-Site Scripting via Shortcode Name Attribute
CVSS 6.4
CVE-2025-6262
MEDIUM
Muse.ai video embedding plugin <0.4 - XSS
CVSS 6.4
CVE-2025-5084
MEDIUM
Post Grid Master < 3.4.13 - Unauthenticated Reflected Cross-Site Scripting via read_more_text Parameter
CVSS 6.1
CVE-2025-4608
MEDIUM
WordPress Structured Content <1.6.4 - XSS
CVSS 6.4
CVE-2025-3669
MEDIUM
Supreme Addons for Beaver Builder <1.0.9 - XSS
CVSS 6.4
CVE-2025-4968
MEDIUM
WPBakery Page Builder < 8.4.1 - Authenticated Stored Cross-Site Scripting via Multiple Page Builder Elements
CVSS 6.4
Details
Vulnerabilities
45,143
Exploit Likelihood
High