CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,157 vulnerabilities with CWE-79
CVE-2025-4583
MEDIUM
Smash Balloon Social Photo Feed - Stored XSS
CVSS 5.4
CVE-2025-27706
LOW
Absolute Secure Access < 13.54 - Authenticated Stored Cross-Site Scripting in Management Console
CVSS 3.4
CVE-2025-31501
HIGH
Request Tracker 4.4.0-4.4.8 - Cross-Site Scripting via RT Permalink
CVSS 7.2
CVE-2025-31500
HIGH
Request Tracker 5.0-5.0.7 - Cross-Site Scripting via Asset Name
CVSS 7.2
CVE-2025-30087
HIGH
Best Practical RT <4.4.7, 5.0.7 - XSS
CVSS 7.2
CVE-2025-1461
MEDIUM
Vuetify 2.0.0-2.99.9 - Cross-Site Scripting in VCalendar eventMoreText Property
CVSS 5.6
CVE-2025-40651
MEDIUM
Real Easy Store - Reflected Cross-Site Scripting via Search Keyword Parameter
CVE-2025-4963
MEDIUM
The Ultimate WordPress Toolkit - WP Extended <= 3.0.15 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2025-5082
MEDIUM
WP Attachments <= 5.0.12 - Unauthenticated Reflected Cross-Site Scripting via attachment_id Parameter
CVSS 6.1
CVE-2025-5198
MEDIUM
Red Hat Advanced Cluster Security - Stored Cross-Site Scripting via Kubernetes Role Name
CVSS 5.0
CVE-2025-46173
MEDIUM
Online Exam Mastering System 1.0 - Stored Cross-Site Scripting via Feedback Form Name Field
CVSS 6.1
CVE-2025-3704
MEDIUM
DBAR Productions Volunteer Sign Up Sheets <5.5.5 - XSS
CVSS 5.9
CVE-2025-4682
MEDIUM
Essential Blocks < 5.4.0 - Authenticated Stored Cross-Site Scripting via Slider and Post Carousel Widgets
CVSS 6.4
CVE-2025-4783
MEDIUM
Exclusive Addons for Elementor <= 2.7.9.1 - Authenticated Stored Cross-Site Scripting via Countdown Timer Widget
CVSS 6.4
CVE-2025-40663
MEDIUM
i2A Cronos 23.02.01.17 - Authenticated Stored Cross-Site Scripting via SVG Image Upload
CVE-2025-40652
MEDIUM
CoverManager - Stored Cross-Site Scripting
CVE-2025-5181
LOW
Summer Pearl Group Vacation Rental Management Platform < 1.0.2 - Cross-Site Scripting via spgLsTitle Parameter
CVSS 3.5
CVE-2025-5179
LOW
Realce Tecnologia Queue Ticket Kiosk < 2025-05-17 - Cross-Site Scripting via Name/Usurio Argument
CVSS 2.4
CVE-2025-5177
MEDIUM
Realce Tecnologia Queue Ticket Kiosk < 2025-05-17 - Cross-Site Scripting via Admin Login Page Usurio Parameter
CVSS 4.3
CVE-2025-1985
MEDIUM
Pepperl+Fuchs Profinet Gateway FB8122A.1.EL and LB8122A.1.EL < V1.3.13 - Stored XSS in Web-UI
CVSS 6.1
CVE-2025-5153
LOW
CMS Made Simple 2.2.21 - Cross-Site Scripting in Design Manager Module
CVSS 3.5
CVE-2025-5138
LOW
Bitwarden < 2.25.1 - Cross-Site Scripting in PDF File Handler
CVSS 3.5
CVE-2025-5135
LOW
Tmall Demo < 2025-05-05 - Cross-Site Scripting via Product Name/Product Title
CVSS 2.4
CVE-2025-5134
LOW
Tmall Demo < 2025-05-05 - Cross-Site Scripting via Buy Item Page Detailed Address Parameter
CVSS 3.5
CVE-2025-5133
MEDIUM
Tmall Demo < 2025-05-05 - Cross-Site Scripting in Search Box
CVSS 4.3
Details
Vulnerabilities
45,157
Exploit Likelihood
High