CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,147 vulnerabilities with CWE-79
CVE-2025-50014
MEDIUM
iamapinan PDPA Consent for Thailand <1.1.1. - XSS
CVSS 5.9
CVE-2025-50013
MEDIUM
Jason Judge CSV Importer <0.6.1 - XSS
CVSS 5.9
CVE-2025-50012
MEDIUM
Inventory Presser <= 15.2.6 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-50011
MEDIUM
Recipes manager - WPH <=1.0.4 - XSS
CVSS 5.9
CVE-2025-49873
HIGH
Elessi <= 6.3.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-6340
LOW
School Fees Payment System 1.0 - XSS
CVSS 3.5
CVE-2025-6257
MEDIUM
Euro FxRef Currency Converter <2.0.2 - XSS
CVSS 6.4
CVE-2025-5125
MEDIUM
Custom Post Carousels with Owl < 1.4.12 - Stored Cross-Site Scripting via data-featherlight Attribute
CVSS 4.8
CVE-2025-6301
LOW
PHPGurukul Notice Board System 1.0 - XSS
CVSS 2.4
CVE-2025-6288
LOW
PHPGurukul Bus Pass Management System 1.0 - XSS
CVSS 2.4
CVE-2025-6287
LOW
PHPGurukul COVID19 Testing Management System 1.0 - XSS
CVSS 3.5
CVE-2025-6285
MEDIUM
PHPGurukul COVID19 Testing Management System 2021 - XSS
CVSS 4.3
CVE-2025-6268
MEDIUM
Luna Imaging <= 7.5.5.6 - Cross-Site Scripting via Search Query Parameter
CVSS 4.3
CVE-2025-5234
MEDIUM
Gutenverse News < 1.0.4 - Authenticated Stored Cross-Site Scripting via elementId Parameter
CVSS 6.4
CVE-2025-4965
MEDIUM
WPBakery Page Builder < 8.4.1 - Authenticated Stored Cross-Site Scripting via Grid Builder
CVSS 6.4
CVE-2025-5490
MEDIUM
Football Pool WordPress <2.12.4 - XSS
CVSS 5.5
CVE-2025-5524
MEDIUM
OceanWP <= 4.0.9 - Authenticated Stored Cross-Site Scripting via Select HTML Tag
CVSS 4.9
CVE-2025-4479
MEDIUM
ElementsKit Elementor Addons < 3.5.3 - Authenticated Stored Cross-Site Scripting via Image Comparison Widget Labels
CVSS 6.4
CVE-2025-6201
MEDIUM
Pixel Manager for WooCommerce < 1.49.0 - Authenticated Stored Cross-Site Scripting via Conversion Pixel
CVSS 6.4
CVE-2025-50183
MEDIUM
OpenList Frontend <4.0.0-rc.4 - Stored XSS
CVSS 6.5
CVE-2025-23169
MEDIUM
Versa Director 21.2.2 21.2.3 22.1.1-22.1.4 - Stored Cross-Site Scripting in UI Customization
CVSS 6.1
CVE-2025-1349
MEDIUM
IBM Sterling B2B Integrator and Sterling File Gateway 6.0.0.0-6.1.2.6 and 6.2.0.0-6.2.0.4 - Stored Cross-Site Scripting
CVSS 5.5
CVE-2025-45786
HIGH
Real Estate Management 1.0 - Cross-Site Scripting in /store/index.php
CVSS 8.1
CVE-2025-45661
MEDIUM
miniTCG 1.3.1 beta - Cross-Site Scripting via id Parameter
CVSS 5.9
CVE-2025-5237
MEDIUM
Target Video Easy Publish <3.8.5 - XSS
CVSS 6.4
Details
Vulnerabilities
45,147
Exploit Likelihood
High