CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,143 vulnerabilities with CWE-79
CVE-2025-2800
HIGH
WP Event Manager < 3.1.50 - Unauthenticated Stored Cross-Site Scripting via Organizer Name Parameter
CVSS 7.2
CVE-2025-2799
MEDIUM
WP Event Manager < 3.1.49 - Authenticated Stored Cross-Site Scripting via Tag Name Parameter
CVSS 4.4
CVE-2025-6977
MEDIUM
ProfileGrid <= 5.9.5.4 - Unauthenticated Reflected XSS via pm_get_messenger_notification
CVSS 6.1
CVE-2025-30746
MEDIUM
Oracle iStore 12.2.3-12.2.14 - Unauthenticated Cross-Site Request Forgery in Shopping Cart
CVSS 6.1
CVE-2025-53903
LOW
the-scratch-channel.github.io - Cross-Site Scripting via Unsanitized Text Box Input
CVE-2025-52378
MEDIUM
Nexxt Solutions NCM-X1800 Mesh Router <UV1.2.7 - XSS
CVSS 5.4
CVE-2025-33097
MEDIUM
IBM QRadar SIEM 7.5-7.5.0 UP12 IF02 - XSS
CVSS 6.4
CVE-2025-4369
MEDIUM
WordPress Companion Auto Update <3.9.2 - XSS
CVSS 5.5
CVE-2025-7672
MEDIUM
JiranSoft CrossEditor4 <4.6.0.23 - XSS
CVSS 4.3
CVE-2025-7367
MEDIUM
Strong Testimonials <= 3.2.11 - Authenticated Stored Cross-Site Scripting via Testimonial Custom Fields
CVSS 6.4
CVE-2025-53839
MEDIUM
DRACOON Branding Service <2.10.0 - XSS
CVSS 4.0
CVE-2025-53835
CRITICAL
XWiki 5.4.5-14.10 - Stored Cross-Site Scripting via Raw Block HTML Injection
CVSS 9.0
CVE-2025-53834
MEDIUM
Caido < 0.49.0 - Reflected Cross-Site Scripting in Toast UI Component
CVSS 6.3
CVE-2025-53824
MEDIUM
WeGIA < 3.4.4 - Reflected Cross-Site Scripting via editar_permissoes.php msg_c Parameter
CVSS 5.4
CVE-2025-53822
MEDIUM
WeGIA < 3.4.5 - Reflected Cross-Site Scripting via relatorio_geracao.php tipo_relatorio Parameter
CVSS 6.5
CVE-2025-53820
MEDIUM
WeGIA < 3.4.5 - Reflected Cross-Site Scripting via 'erro' Parameter in index.php
CVSS 6.5
CVE-2025-7601
LOW
PHPGurukul Online Library Management System 3.0 - XSS
CVSS 3.5
CVE-2025-7618
MEDIUM
ADM <4.3.3.RH61 & <5.0.0.RIN1 - XSS
CVE-2025-7380
MEDIUM
ASUSTOR ADM <= 5.0.0.RIN1 - Shared Folder Stored Cross-Site Scripting
CVE-2025-7569
LOW
Bigotry OneBase <= 1.3.6 - Cross-Site Scripting via parse_args Function
CVSS 3.5
CVE-2025-7567
MEDIUM
ShopXO < 6.5.0 - Cross-Site Scripting via lang/system_type Parameter
CVSS 4.3
CVE-2025-7554
LOW
Sapido RB-1802 1.0.32 - Cross-Site Scripting in URL Filtering Page
CVSS 2.4
CVE-2025-53865
MEDIUM
Roundup < 2.5.0 - Cross-Site Scripting via Issue Tracker Templates
CVSS 6.4
CVE-2025-6068
MEDIUM
FooGallery < 2.4.31 - Authenticated Stored Cross-Site Scripting via Caption Attributes
CVSS 6.4
CVE-2025-5530
MEDIUM
WPC Smart Compare for WooCommerce <6.4.6 - XSS
CVSS 6.4
Details
Vulnerabilities
45,143
Exploit Likelihood
High