CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,147 vulnerabilities with CWE-79
CVE-2025-50014 MEDIUM
iamapinan PDPA Consent for Thailand <1.1.1. - XSS
CVSS 5.9
CVE-2025-50013 MEDIUM
Jason Judge CSV Importer <0.6.1 - XSS
CVSS 5.9
CVE-2025-50012 MEDIUM
Inventory Presser <= 15.2.6 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-50011 MEDIUM
Recipes manager - WPH <=1.0.4 - XSS
CVSS 5.9
CVE-2025-49873 HIGH
Elessi <= 6.3.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-6340 LOW
School Fees Payment System 1.0 - XSS
CVSS 3.5
CVE-2025-6257 MEDIUM
Euro FxRef Currency Converter <2.0.2 - XSS
CVSS 6.4
CVE-2025-5125 MEDIUM
Custom Post Carousels with Owl < 1.4.12 - Stored Cross-Site Scripting via data-featherlight Attribute
CVSS 4.8
CVE-2025-6301 LOW
PHPGurukul Notice Board System 1.0 - XSS
CVSS 2.4
CVE-2025-6288 LOW
PHPGurukul Bus Pass Management System 1.0 - XSS
CVSS 2.4
CVE-2025-6287 LOW
PHPGurukul COVID19 Testing Management System 1.0 - XSS
CVSS 3.5
CVE-2025-6285 MEDIUM
PHPGurukul COVID19 Testing Management System 2021 - XSS
CVSS 4.3
CVE-2025-6268 MEDIUM
Luna Imaging <= 7.5.5.6 - Cross-Site Scripting via Search Query Parameter
CVSS 4.3
CVE-2025-5234 MEDIUM
Gutenverse News < 1.0.4 - Authenticated Stored Cross-Site Scripting via elementId Parameter
CVSS 6.4
CVE-2025-4965 MEDIUM
WPBakery Page Builder < 8.4.1 - Authenticated Stored Cross-Site Scripting via Grid Builder
CVSS 6.4
CVE-2025-5490 MEDIUM
Football Pool WordPress <2.12.4 - XSS
CVSS 5.5
CVE-2025-5524 MEDIUM
OceanWP <= 4.0.9 - Authenticated Stored Cross-Site Scripting via Select HTML Tag
CVSS 4.9
CVE-2025-4479 MEDIUM
ElementsKit Elementor Addons < 3.5.3 - Authenticated Stored Cross-Site Scripting via Image Comparison Widget Labels
CVSS 6.4
CVE-2025-6201 MEDIUM
Pixel Manager for WooCommerce < 1.49.0 - Authenticated Stored Cross-Site Scripting via Conversion Pixel
CVSS 6.4
CVE-2025-50183 MEDIUM
OpenList Frontend <4.0.0-rc.4 - Stored XSS
CVSS 6.5
CVE-2025-23169 MEDIUM
Versa Director 21.2.2 21.2.3 22.1.1-22.1.4 - Stored Cross-Site Scripting in UI Customization
CVSS 6.1
CVE-2025-1349 MEDIUM
IBM Sterling B2B Integrator and Sterling File Gateway 6.0.0.0-6.1.2.6 and 6.2.0.0-6.2.0.4 - Stored Cross-Site Scripting
CVSS 5.5
CVE-2025-45786 HIGH
Real Estate Management 1.0 - Cross-Site Scripting in /store/index.php
CVSS 8.1
CVE-2025-45661 MEDIUM
miniTCG 1.3.1 beta - Cross-Site Scripting via id Parameter
CVSS 5.9
CVE-2025-5237 MEDIUM
Target Video Easy Publish <3.8.5 - XSS
CVSS 6.4
Details
Vulnerabilities 45,147
Exploit Likelihood High