CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,155 vulnerabilities with CWE-79
CVE-2025-49076 MEDIUM
POSIMYTH Innovations The Plus Addons - XSS
CVSS 6.5
CVE-2025-49075 MEDIUM
PickPlugins Wishlist <= 1.0.43 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-49074 MEDIUM
WidgetKit <= 2.5.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-49068 MEDIUM
Ocean Extra <= 2.4.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-49067 MEDIUM
Nasa Core < 6.4.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48329 HIGH
Daman Jeet Real Time Validation for Gravity Forms <1.7.0 - XSS
CVSS 7.1
CVE-2025-41367 MEDIUM
IDF v0.10.0-0C03-03 & ZLF v0.10.0-0C03-04 - XSS
CVE-2025-41364 MEDIUM
IDF v0.10.0-0C03-03 & ZLF v0.10.0-0C03-04 - XSS
CVE-2025-5757 LOW
Traffic Offense Reporting System 1.0 - Cross-Site Scripting via /save-reported.php Parameter Manipulation
CVSS 3.5
CVE-2025-5727 LOW
Student Result Management System 1.0 - Stored Cross-Site Scripting in Announcement Page Title Field
CVSS 2.4
CVE-2025-5703 MEDIUM
StageShow < 10.0.3 - Authenticated Stored Cross-Site Scripting via Anchor Parameter
CVSS 6.4
CVE-2025-5699 MEDIUM
WordPress Developer Formatter <2015.0.2.1 - XSS
CVSS 5.5
CVE-2025-5586 MEDIUM
WordPress Ajax Load More & Infinite Scroll <1.6.0 - XSS
CVSS 6.4
CVE-2025-5565 MEDIUM
Hide It <= 1.0.1 - Authenticated Stored Cross-Site Scripting via 'hideit' Shortcode
CVSS 6.4
CVE-2025-5541 MEDIUM
Runners Log <= 3.9.2 - Authenticated Stored Cross-Site Scripting via runnerslog Shortcode
CVSS 6.4
CVE-2025-5538 MEDIUM
BNS Featured Category <= 2.8.2 - Authenticated Stored Cross-Site Scripting via 'bnsfc' Shortcode
CVSS 6.4
CVE-2025-5536 MEDIUM
Freemind Viewer <= 1.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-5534 MEDIUM
WordPress ESV Bible Shortcode <1.0.2 - XSS
CVSS 6.4
CVE-2025-5533 MEDIUM
WordPress Knowledge Base <2.3.0 - XSS
CVSS 6.4
CVE-2025-5726 LOW
SourceCodester Student Result Management System 1.0 - Stored Cross-Site Scripting in Division System Page
CVSS 2.4
CVE-2025-5725 LOW
SourceCodester Student Result Management System 1.0 - Stored Cross-Site Scripting in Grading System Remark Field
CVSS 2.4
CVE-2025-5724 LOW
Student Result Management System 1.0 - Stored Cross-Site Scripting in Subjects Page
CVSS 2.4
CVE-2025-5723 LOW
Student Result Management System 1.0 - Stored Cross-Site Scripting in Classes Page Class Name Field
CVSS 2.4
CVE-2025-5722 LOW
Student Result Management System 1.0 - Stored Cross-Site Scripting in Academic Term Field
CVSS 2.4
CVE-2025-5721 LOW
Student Result Management System 1.0 - Stored Cross-Site Scripting in Profile Setting Page
CVSS 2.4
Details
Vulnerabilities 45,155
Exploit Likelihood High