CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,143 vulnerabilities with CWE-79
CVE-2025-6716
MEDIUM
OpenAI plugin for WordPress <26.0.8 - XSS
CVSS 6.4
CVE-2025-6200
MEDIUM
GeoDirectory < 2.8.120 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.9
CVE-2025-7435
LOW
LiveHelperChat lhc-php-resque Extension - Cross-Site Scripting
CVSS 3.5
CVE-2025-53519
MEDIUM
Advantech iView <5.7.05 build 7057 - XSS
CVSS 5.4
CVE-2025-53397
MEDIUM
Advantech iView <5.7.05 build 7057 - XSS
CVSS 5.4
CVE-2025-41442
MEDIUM
Advantech iView < 5.7.05.7057 - Reflected Cross-Site Scripting via Input Parameter Manipulation
CVSS 5.4
CVE-2025-45662
MEDIUM
mpgram_web - Cross-Site Scripting in /master/login.php
CVSS 6.1
CVE-2025-53626
MEDIUM
pdfme 5.2.0-5.4.0 - Prototype Pollution and Cross-Site Scripting via Expression Evaluation
CVSS 6.1
CVE-2025-28245
MEDIUM
Alteryx Server 2023.1.1.460 - Cross-Site Scripting via Notification Body
CVSS 6.1
CVE-2025-28243
HIGH
Alteryx Server 2023.1.1.460 - Cross-Site Scripting via Pages Component
CVSS 8.0
CVE-2025-7408
LOW
SourceCodester Zoo Management System 1.0 - XSS
CVSS 3.5
CVE-2025-6948
HIGH
GitLab 17.11.0-17.11.5, 18.0.0-18.0.3, 18.1.0-18.1.1 - Cross-Site Scripting
CVSS 8.7
CVE-2025-7387
MEDIUM
Lana Downloads Manager <1.10.0 - XSS
CVSS 5.5
CVE-2025-6236
MEDIUM
Hostel WordPress Plugin < 1.1.5.9 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2025-6234
MEDIUM
Hostel WordPress Plugin < 1.1.5.8 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-5807
MEDIUM
Gwolle Guestbook <= 4.9.2 - Unauthenticated Stored Cross-Site Scripting via gwolle_gb_content Parameter
CVSS 6.1
CVE-2025-4406
MEDIUM
wpForo Forum < 2.4.5 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2025-6976
MEDIUM
Events Manager <= 7.0.3 - Authenticated Stored XSS via Shortcode Attributes
CVSS 6.4
CVE-2025-6975
MEDIUM
Events Manager <= 7.0.3 - Unauthenticated Reflected XSS via Calendar Header
CVSS 6.1
CVE-2025-52357
MEDIUM
FiberHome FD602GW-DX-R410 V2.2.14 - XSS
CVSS 4.1
CVE-2025-53658
MEDIUM
Jenkins Applitools Eyes Plugin <1.16.5 - XSS
CVSS 5.4
CVE-2025-7059
MEDIUM
Simple Featured Image <= 1.3.1 - Authenticated Stored Cross-Site Scripting via Slideshow Parameter
CVSS 6.4
CVE-2025-5678
MEDIUM
Gutenberg Blocks with AI by Kadence WP < 3.5.11 - Authenticated Stored Cross-Site Scripting via redirectURL Parameter
CVSS 6.4
CVE-2025-49547
MEDIUM
Adobe Experience Manager < FP11.4 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-49534
MEDIUM
Adobe Experience Manager < FP11.4 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
Details
Vulnerabilities
45,143
Exploit Likelihood
High