CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,153 vulnerabilities with CWE-79
CVE-2025-4577
MEDIUM
Smash Balloon Social Post Feed < 4.3.1 - Authenticated Stored Cross-Site Scripting via Data-Color Attribute
CVSS 6.4
CVE-2025-2918
MEDIUM
The Ultimate Blocks - WordPress Blocks Plugin <3.3.3 - XSS
CVSS 6.4
CVE-2025-5742
MEDIUM
Schneider Electric EVLink WallBox - Authenticated Stored Cross-Site Scripting via Configuration Parameters
CVSS 5.4
CVE-2025-3905
MEDIUM
Schneider Electric Modicon Controllers M241/M251 < 5.3.12.51 and M258/LMC058 - Authenticated Cross-Site Scripting
CVSS 5.4
CVE-2025-3899
MEDIUM
Modicon Controllers M241/M251 - Authenticated Stored Cross-Site Scripting in Certificates Page
CVSS 5.4
CVE-2025-3117
MEDIUM
Modicon Controllers M241/M251 < 5.3.12.51 and M262 < 5.3.9.18 - Authenticated Cross-Site Scripting
CVSS 5.4
CVE-2025-3076
MEDIUM
Elementor Website Builder Pro <= 3.29.0 - Authenticated Stored Cross-Site Scripting via Button Text Parameter
CVSS 6.4
CVE-2025-42990
LOW
SAPUI5 applications - Cross-Site Scripting
CVSS 3.0
CVE-2025-31325
MEDIUM
SAP NetWeaver (ABAP Keyword Documentation) < SAP_BASIS 758 - XSS via Unprotected Parameter
CVSS 5.8
CVE-2025-23192
HIGH
SAP BusinessObjects Business Intelligence - Unauthenticated Stored Cross-Site Scripting in BI Workspace
CVSS 8.2
CVE-2025-49137
HIGH
PSU Haxcms-nodejs < 11.0.0 - Basic XSS
CVSS 8.5
CVE-2025-5887
LOW
jsnjfz WebStack-Guns 1.0 - Cross-Site Scripting via File Upload Argument
CVSS 3.5
CVE-2025-46041
MEDIUM
Anchor CMS 0.12.7 - Stored Cross-Site Scripting via Page Description Field
CVSS 5.4
CVE-2025-45002
MEDIUM
vigybag < 1.0 - Cross-Site Scripting via Profile Picture Upload
CVSS 5.4
CVE-2025-5886
LOW
emlog < 2.5.7 - Cross-Site Scripting via active_post Argument in /admin/article.php
CVSS 3.5
CVE-2025-48279
HIGH
WC MyParcel Belgium 4.5.5-beta - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-48143
HIGH
Formulario de contacto SalesUp! <= 1.0.14 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-47598
MEDIUM
History Log by click5 <= 1.0.13 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-47487
HIGH
moreconvert MC Woocommerce Wishlist <1.9.1 - XSS
CVSS 7.1
CVE-2025-47477
HIGH
Backup and Staging by WP Time Capsule <= 1.22.23 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-46178
MEDIUM
cloudclassroom-php_project - Stored Cross-Site Scripting via askquery.php eid Parameter
CVSS 6.1
CVE-2025-45055
MEDIUM
Silverpeas 6.4.2 - Authenticated Stored Cross-Site Scripting via SVG Event Attachment
CVSS 5.4
CVE-2025-39539
HIGH
quitenicestuff Soho Hotel <4.2.5 - XSS
CVSS 7.1
CVE-2025-32305
HIGH
WordPress FlatNews Theme <= 5.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31925
HIGH
LambertGroup SHOUT <= 3.5.3 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities
45,153
Exploit Likelihood
High