CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,145 vulnerabilities with CWE-79
CVE-2025-6674
MEDIUM
gabderrahim/ckeditor5_youtube < 1.0.3 - Cross-Site Scripting
CVSS 6.1
CVE-2025-5682
MEDIUM
Drupal Klaro Cookie & Consent Management < 3.0.7 - Cross-Site Scripting
CVSS 4.3
CVE-2025-48923
MEDIUM
Drupal Toc.Js < 3.2.1 - Cross-Site Scripting
CVSS 6.1
CVE-2025-48922
MEDIUM
Drupal GLightbox < 1.0.16 - Cross-Site Scripting
CVSS 6.1
CVE-2025-5966
HIGH
ManageEngine Exchange Reporter Plus <= 5722 - Stored Cross-Site Scripting in Attachments by Filename Report
CVSS 8.1
CVE-2025-5366
HIGH
ManageEngine Exchange Reporter Plus <= 5722 - Stored Cross-Site Scripting in Folder-wise Read Mails Report
CVSS 8.1
CVE-2025-6212
HIGH
Ultra Addons for Contact Form 7 <3.5.19 - XSS
CVSS 7.2
CVE-2025-5842
MEDIUM
WordPress Modern Design Library <1.1.4 - XSS
CVSS 6.4
CVE-2025-5338
MEDIUM
Royal Elementor Addons < 1.7.1028 - Authenticated Stored Cross-Site Scripting via Widget Attributes
CVSS 6.4
CVE-2025-6546
MEDIUM
WordPress Drive Folder Embedder <1.1.0 - XSS
CVSS 6.4
CVE-2025-6540
MEDIUM
web-cam <= 3.0 - Authenticated Stored Cross-Site Scripting via Slug Parameter
CVSS 6.4
CVE-2025-6537
MEDIUM
Namasha By Mdesign <= 1.2.00 - Authenticated Stored Cross-Site Scripting via playicon_title Parameter
CVSS 6.4
CVE-2025-5929
MEDIUM
The Countdown plugin for WordPress <= 2.0.1 - Authenticated Stored Cross-Site Scripting via clientId Parameter
CVSS 6.4
CVE-2025-5275
MEDIUM
Charitable < 1.8.6.2 - Authenticated Stored Cross-Site Scripting via Privacy Settings Fields
CVSS 4.4
CVE-2025-6538
MEDIUM
Post Rating and Review <1.3.4 - XSS
CVSS 6.4
CVE-2025-6383
MEDIUM
WP-PhotoNav <= 1.2.2 - Authenticated Stored Cross-Site Scripting via photonav Shortcode
CVSS 6.4
CVE-2025-6378
MEDIUM
Responsive Food and Drink Menu < 2.3 - Authenticated Stored Cross-Site Scripting via display_pdf_menus Shortcode
CVSS 6.4
CVE-2025-6290
MEDIUM
Tournament Bracket Generator <1.0.0 - XSS
CVSS 6.4
CVE-2025-6258
MEDIUM
WP SoundSystem <= 3.4.2 - Authenticated Stored Cross-Site Scripting via wpsstm-track Shortcode
CVSS 6.4
CVE-2025-5588
MEDIUM
Image Editor by Pixo <= 2.3.6 - Authenticated Stored Cross-Site Scripting via Download Parameter
CVSS 6.4
CVE-2025-5564
MEDIUM
GC Social Wall <= 1.15 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-5559
MEDIUM
TimeZoneCalculator <= 3.37 - Authenticated Stored Cross-Site Scripting via Shortcode Attribute
CVSS 6.4
CVE-2025-5540
MEDIUM
WordPress Event RSVP & Simple Event Mgmt Plugin <4.1.0 - XSS
CVSS 6.4
CVE-2025-5535
MEDIUM
e.nigma buttons plugin <1.1.3 - XSS
CVSS 6.4
CVE-2025-5488
MEDIUM
WP Masonry & Infinite Scroll <2.2 - XSS
CVSS 6.4
Details
Vulnerabilities
45,145
Exploit Likelihood
High