CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,157 vulnerabilities with CWE-79
CVE-2025-46456
HIGH
Theme Blvd Sliders <= 1.2.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-46448
HIGH
reifsnyderb Document Management System <1.24 - XSS
CVSS 7.1
CVE-2025-46446
HIGH
ivanrojas Libro de Reclamaciones <1.0.1 - XSS
CVSS 7.1
CVE-2025-46440
HIGH
Mark kStats Reloaded <= 0.7.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-46437
HIGH
Tayori Form <= 1.2.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-39505
HIGH
Goodlayers Hotel <= 3.1.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-39502
HIGH
Goodlayers Hostel <= 3.1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32285
HIGH
ApusTheme Butcher < 2.54 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31636
HIGH
SaurabhSharma WP Post Modules for Elementor <2.5.0 - XSS
CVSS 7.1
CVE-2025-1123
HIGH
Solid Mail <= 2.1.5 - Unauthenticated Stored XSS via Email Name/Subject/Body
CVSS 7.2
CVE-2025-3894
MEDIUM
MegaBIP < 5.19 - Authenticated Stored Cross-Site Scripting in Text Editor
CVE-2025-4379
MEDIUM
DobryCMS < 2.* - Reflected Cross-Site Scripting via szukaj Parameter
CVE-2025-5096
MEDIUM
TablePress <= 3.1.2 - Authenticated DOM-Based Stored Cross-Site Scripting via Data Attributes
CVSS 6.4
CVE-2025-4594
MEDIUM
Tournamatch <= 4.6.1 - Authenticated Stored Cross-Site Scripting via 'trn-ladder-registration-button' Shortcode
CVSS 6.4
CVE-2025-48369
MEDIUM
Group-Office <6.8.119, 25.0.20 - XSS
CVSS 5.4
CVE-2025-48368
MEDIUM
Group-Office <6.8.119,25.0.20 - XSS
CVSS 5.4
CVE-2025-48366
MEDIUM
Group-Office <6.8.119 and 25.0.20 - XSS
CVSS 5.4
CVE-2025-33138
MEDIUM
IBM Aspera Faspex 5.0.0-5.0.12 - HTML Injection
CVSS 5.4
CVE-2025-4405
MEDIUM
Hot Random Image <= 1.9.2 - Authenticated Stored Cross-Site Scripting via Link Parameter
CVSS 4.9
CVE-2025-4123
HIGH
Grafana < 10.4.18 - XSS
CVSS 7.6
CVE-2025-4133
MEDIUM
Blog2Social < 8.4.0 - Authenticated Stored Cross-Site Scripting via Post Title
CVSS 5.4
CVE-2025-5062
MEDIUM
WooCommerce <= 9.4.2 - Unauthenticated PostMessage-Based Cross-Site Scripting via Customize-Store Page
CVSS 6.1
CVE-2025-45755
MEDIUM
vtiger CRM Open Source Edition 8.3.0 - Stored Cross-Site Scripting via Services Import CSV
CVSS 6.1
CVE-2025-2261
HIGH
TIBCO ActiveMatrix Administrator - XSS
CVE-2025-4415
MEDIUM
Piwik PRO < 1.3.2 - Cross-Site Scripting
CVSS 4.8
Details
Vulnerabilities
45,157
Exploit Likelihood
High