CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,165 vulnerabilities with CWE-79
CVE-2025-1626
MEDIUM
Qi Blocks < 1.4 - Stored Cross-Site Scripting in Countdown Block Options
CVSS 5.4
CVE-2025-1625
MEDIUM
Qi Blocks < 1.4 - Stored Cross-Site Scripting via Counter Block Options
CVSS 5.4
CVE-2025-2892
MEDIUM
All in One SEO < 4.8.1.1 - Authenticated Stored XSS via Post Meta
CVSS 6.4
CVE-2025-4862
MEDIUM
PHPGurukul Directory Management System 2.0 - Cross-Site Scripting via searchdata Parameter
CVSS 4.3
CVE-2025-3715
MEDIUM
Bold Page Builder <= 5.3.5 - Authenticated Stored Cross-Site Scripting via data-text Parameter
CVSS 6.4
CVE-2025-4860
LOW
D-Link DAP-2695 120b36r137_ALL_en_20210528 - Cross-Site Scripting via Static Pool Settings Page f_mac Parameter
CVSS 2.4
CVE-2025-4859
LOW
D-Link DAP-2695 120b36r137_ALL_en_20210528 - Cross-Site Scripting via MAC Bypass Settings Page
CVSS 2.4
CVE-2025-4858
LOW
D-Link DAP-2695 120b36r137_ALL_en_20210528 - Cross-Site Scripting via ARP Spoofing Prevention Page
CVSS 2.4
CVE-2025-4852
LOW
TOTOLINK A3002R 2.1.1-B20230720.1011 - Stored Cross-Site Scripting via VPN Page Comment Parameter
CVSS 2.4
CVE-2025-47931
MEDIUM
LibreNMS < 25.5.0 - Stored Cross-Site Scripting via Poller Groups Form Group Name Parameter
CVSS 6.1
CVE-2025-4669
MEDIUM
WP Booking Calendar <= 10.11.1 - Authenticated Stored Cross-Site Scripting via wpbc Shortcode
CVSS 6.4
CVE-2025-3888
MEDIUM
Jupiter X Core <= 4.8.12 - Authenticated Stored Cross-Site Scripting via SVG File Inclusion
CVSS 6.4
CVE-2025-4610
MEDIUM
WP-Members Membership Plugin <3.5.2 - XSS
CVSS 6.4
CVE-2025-4805
MEDIUM
WatchGuard Fireware OS <12.11.1 - XSS
CVE-2025-4804
MEDIUM
WatchGuard Fireware OS <12.11.1 - XSS
CVE-2025-48135
MEDIUM
Aptivada for WP <= 2.0.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-48132
MEDIUM
X Addons for Elementor <= 1.0.16 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48131
MEDIUM
UltraAddons Elementor Lite <2.0.0 - XSS
CVSS 6.5
CVE-2025-48121
MEDIUM
WP Notes Widget <= 1.0.6 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-48113
MEDIUM
Broadstreet Ads <= 1.51.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48112
HIGH
Dot html,php,xml etc pages <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-48080
MEDIUM
Uncanny Owl Uncanny Toolkit for LearnDash <3.7.0.2 - XSS
CVSS 6.5
CVE-2025-47557
MEDIUM
MapSVG <= 8.5.31 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46464
MEDIUM
scripteo Ads Pro Plugin <= 5.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-39537
HIGH
Chimpstudio WP JobHunt - Auth Bypass
CVSS 7.1
Details
Vulnerabilities
45,165
Exploit Likelihood
High