CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,145 vulnerabilities with CWE-79
CVE-2025-27361
HIGH
Photo Express for Google <= 0.3.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-25173
HIGH
FastBook <= 1.1 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-24774
HIGH
WPCRM - CRM for Contact form CF7 & WooCommerce <= 3.2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23973
HIGH
SpecFit-Virtual Try On Woocommerce <7.0.6 - XSS
CVSS 7.1
CVE-2025-5398
MEDIUM
Ninja Forms < 3.10.2.1 - Authenticated Stored Cross-Site Scripting via Templating Engine
CVSS 6.4
CVE-2025-6689
MEDIUM
FL3R Accessibility Suite <= 1.4 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-6550
MEDIUM
The Pack Elementor addon plugin <2.1.4 - XSS
CVSS 6.4
CVE-2025-5940
MEDIUM
Osom Blocks < 1.2.1 - Authenticated Stored Cross-Site Scripting via Class Name Parameter
CVSS 6.4
CVE-2025-4587
MEDIUM
WordPress A/B Testing <1.18.2 - XSS
CVSS 6.4
CVE-2025-5194
MEDIUM
WP Map Block < 2.0.3 - Stored Cross-Site Scripting via Block Options
CVSS 4.8
CVE-2025-5093
MEDIUM
Responsive Lightbox & Gallery <2.5.2 - XSS
CVSS 5.4
CVE-2025-5035
MEDIUM
Firelight Lightbox WP <2.3.16 - XSS
CVSS 5.4
CVE-2025-6488
MEDIUM
isMobile plugin - WordPress <1.1.1 - XSS
CVSS 6.4
CVE-2025-53121
MEDIUM
OpenNMS Horizon < 33.1.6 and Meridian < 2024.2.6 - Stored Cross-Site Scripting via Unsanitized Node Parameters
CVE-2025-6700
MEDIUM
xxl-sso 1.1.0 - Cross-Site Scripting via Error Message Parameter
CVSS 4.3
CVE-2025-6699
LOW
LabRedesCefetRJ WeGIA 3.4.0 - Cross-Site Scripting via Nome/Sobrenome Parameter
CVSS 3.5
CVE-2025-44141
MEDIUM
Backdrop CMS 1.30 - Stored Cross-Site Scripting in Node Creation Form
CVSS 6.1
CVE-2025-6698
LOW
WeGIA 3.4.0 - Cross-Site Scripting via Insira o novo tipo Parameter
CVSS 3.5
CVE-2025-6697
LOW
WeGIA 3.4.0 - Cross-Site Scripting via Adicionar tipo Insira o novo tipo Parameter
CVSS 3.5
CVE-2025-6696
LOW
LabRedesCefetRJ WeGIA 3.4.0 - Cross-Site Scripting via Cadastro de Atendio Nome/Sobrenome Parameter
CVSS 3.5
CVE-2025-52902
HIGH
filebrowser < 2.33.7 - Stored Cross-Site Scripting in Markdown Preview
CVSS 7.6
CVE-2025-6695
LOW
LabRedesCefetRJ WeGIA 3.4.0 - Cross-Site Scripting via Additional Categoria Input
CVSS 3.5
CVE-2025-6694
LOW
LabRedesCefetRJ WeGIA 3.4.0 - Cross-Site Scripting via Adicionar Unidade Component
CVSS 3.5
CVE-2025-6677
MEDIUM
Paragraphs table 2.0.0-2.0.5 - Cross-Site Scripting
CVSS 5.4
CVE-2025-6676
MEDIUM
Drupal Simple XML sitemap < 4.2.2 - Cross-Site Scripting
CVSS 5.4
Details
Vulnerabilities
45,145
Exploit Likelihood
High