CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,157 vulnerabilities with CWE-79
CVE-2025-46456 HIGH
Theme Blvd Sliders <= 1.2.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-46448 HIGH
reifsnyderb Document Management System <1.24 - XSS
CVSS 7.1
CVE-2025-46446 HIGH
ivanrojas Libro de Reclamaciones <1.0.1 - XSS
CVSS 7.1
CVE-2025-46440 HIGH
Mark kStats Reloaded <= 0.7.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-46437 HIGH
Tayori Form <= 1.2.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-39505 HIGH
Goodlayers Hotel <= 3.1.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-39502 HIGH
Goodlayers Hostel <= 3.1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32285 HIGH
ApusTheme Butcher < 2.54 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31636 HIGH
SaurabhSharma WP Post Modules for Elementor <2.5.0 - XSS
CVSS 7.1
CVE-2025-1123 HIGH
Solid Mail <= 2.1.5 - Unauthenticated Stored XSS via Email Name/Subject/Body
CVSS 7.2
CVE-2025-3894 MEDIUM
MegaBIP < 5.19 - Authenticated Stored Cross-Site Scripting in Text Editor
CVE-2025-4379 MEDIUM
DobryCMS < 2.* - Reflected Cross-Site Scripting via szukaj Parameter
CVE-2025-5096 MEDIUM
TablePress <= 3.1.2 - Authenticated DOM-Based Stored Cross-Site Scripting via Data Attributes
CVSS 6.4
CVE-2025-4594 MEDIUM
Tournamatch <= 4.6.1 - Authenticated Stored Cross-Site Scripting via 'trn-ladder-registration-button' Shortcode
CVSS 6.4
CVE-2025-48369 MEDIUM
Group-Office <6.8.119, 25.0.20 - XSS
CVSS 5.4
CVE-2025-48368 MEDIUM
Group-Office <6.8.119,25.0.20 - XSS
CVSS 5.4
CVE-2025-48366 MEDIUM
Group-Office <6.8.119 and 25.0.20 - XSS
CVSS 5.4
CVE-2025-33138 MEDIUM
IBM Aspera Faspex 5.0.0-5.0.12 - HTML Injection
CVSS 5.4
CVE-2025-4405 MEDIUM
Hot Random Image <= 1.9.2 - Authenticated Stored Cross-Site Scripting via Link Parameter
CVSS 4.9
CVE-2025-4123 HIGH
Grafana < 10.4.18 - XSS
CVSS 7.6
CVE-2025-4133 MEDIUM
Blog2Social < 8.4.0 - Authenticated Stored Cross-Site Scripting via Post Title
CVSS 5.4
CVE-2025-5062 MEDIUM
WooCommerce <= 9.4.2 - Unauthenticated PostMessage-Based Cross-Site Scripting via Customize-Store Page
CVSS 6.1
CVE-2025-45755 MEDIUM
vtiger CRM Open Source Edition 8.3.0 - Stored Cross-Site Scripting via Services Import CSV
CVSS 6.1
CVE-2025-2261 HIGH
TIBCO ActiveMatrix Administrator - XSS
CVE-2025-4415 MEDIUM
Piwik PRO < 1.3.2 - Cross-Site Scripting
CVSS 4.8
Details
Vulnerabilities 45,157
Exploit Likelihood High