CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,143 vulnerabilities with CWE-79
CVE-2025-8155 LOW
D-Link DCS-6010L 1.15.03 - Cross-Site Scripting via paratest Parameter in Management Application
CVSS 3.5
CVE-2025-5254 MEDIUM
Kron PAM < 3.7 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-3614 MEDIUM
ElementsKit Elementor Addons < 3.5.3 - Authenticated Stored Cross-Site Scripting via Custom Widget URL Attribute
CVSS 6.4
CVE-2025-8115 LOW
PHPGurukul Taxi Stand Management System 1.0 - Cross-Site Scripting via Registration Number or License Number Parameter
CVSS 3.5
CVE-2025-53084 CRITICAL
WWBN AVideo 14.4 and dev master - Cross-Site Scripting via VideosList Page Parameter
CVSS 9.0
CVE-2025-50128 CRITICAL
WWBN AVideo 14.4 and dev master - Stored Cross-Site Scripting via videoNotFound 404ErrorMsg Parameter
CVSS 9.6
CVE-2025-47061 MEDIUM
Adobe Experience Manager < 6.5.23.0 and < 2025.5 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-46996 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46993 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46410 CRITICAL
WWBN AVideo 14.4 and dev master - Cross-Site Scripting via managerPlaylists PlaylistOwnerUsersId Parameter
CVSS 9.6
CVE-2025-41420 CRITICAL
WWBN AVideo 14.4 and dev master - Cross-Site Scripting via UserLogin cancelUri Parameter
CVSS 9.6
CVE-2025-36548 HIGH
WWBN AVideo 14.4 and dev master - Cross-Site Scripting via LoginWordPress cancelUri Parameter
CVSS 8.3
CVE-2025-8071 MEDIUM
Mine CloudVod LMS < 2.1.10 - Authenticated Stored Cross-Site Scripting via Audio Parameter
CVSS 6.4
CVE-2025-7966 MEDIUM
Get Youtube Subs <= 3.5 - Authenticated Stored Cross-Site Scripting via Channel Parameter
CVSS 6.4
CVE-2025-7959 MEDIUM
Station Pro for WordPress <= 2.4.2 - Authenticated Stored XSS via Width/Height
CVSS 6.4
CVE-2025-6588 MEDIUM
FunnelCockpit <= 1.4.3 - Unauthenticated Reflected Cross-Site Scripting via Error Parameter
CVSS 6.1
CVE-2025-6539 MEDIUM
Voltax Video Player <= 1.6.5 - Authenticated Stored Cross-Site Scripting via ID Parameter
CVSS 6.4
CVE-2025-6387 MEDIUM
WP Get The Table <= 1.5 - Authenticated Stored Cross-Site Scripting via URL Parameter
CVSS 6.4
CVE-2025-6385 MEDIUM
WP Applink <= 0.4.1 - Authenticated Stored Cross-Site Scripting via Title Parameter
CVSS 6.4
CVE-2025-6382 MEDIUM
Taeggie Feed <= 0.1.10 - Authenticated Stored Cross-Site Scripting via Shortcode Name Attribute
CVSS 6.4
CVE-2025-6262 MEDIUM
Muse.ai video embedding plugin <0.4 - XSS
CVSS 6.4
CVE-2025-5084 MEDIUM
Post Grid Master < 3.4.13 - Unauthenticated Reflected Cross-Site Scripting via read_more_text Parameter
CVSS 6.1
CVE-2025-4608 MEDIUM
WordPress Structured Content <1.6.4 - XSS
CVSS 6.4
CVE-2025-3669 MEDIUM
Supreme Addons for Beaver Builder <1.0.9 - XSS
CVSS 6.4
CVE-2025-4968 MEDIUM
WPBakery Page Builder < 8.4.1 - Authenticated Stored Cross-Site Scripting via Multiple Page Builder Elements
CVSS 6.4
Details
Vulnerabilities 45,143
Exploit Likelihood High