CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,165 vulnerabilities with CWE-79
CVE-2025-1626 MEDIUM
Qi Blocks < 1.4 - Stored Cross-Site Scripting in Countdown Block Options
CVSS 5.4
CVE-2025-1625 MEDIUM
Qi Blocks < 1.4 - Stored Cross-Site Scripting via Counter Block Options
CVSS 5.4
CVE-2025-2892 MEDIUM
All in One SEO < 4.8.1.1 - Authenticated Stored XSS via Post Meta
CVSS 6.4
CVE-2025-4862 MEDIUM
PHPGurukul Directory Management System 2.0 - Cross-Site Scripting via searchdata Parameter
CVSS 4.3
CVE-2025-3715 MEDIUM
Bold Page Builder <= 5.3.5 - Authenticated Stored Cross-Site Scripting via data-text Parameter
CVSS 6.4
CVE-2025-4860 LOW
D-Link DAP-2695 120b36r137_ALL_en_20210528 - Cross-Site Scripting via Static Pool Settings Page f_mac Parameter
CVSS 2.4
CVE-2025-4859 LOW
D-Link DAP-2695 120b36r137_ALL_en_20210528 - Cross-Site Scripting via MAC Bypass Settings Page
CVSS 2.4
CVE-2025-4858 LOW
D-Link DAP-2695 120b36r137_ALL_en_20210528 - Cross-Site Scripting via ARP Spoofing Prevention Page
CVSS 2.4
CVE-2025-4852 LOW
TOTOLINK A3002R 2.1.1-B20230720.1011 - Stored Cross-Site Scripting via VPN Page Comment Parameter
CVSS 2.4
CVE-2025-47931 MEDIUM
LibreNMS < 25.5.0 - Stored Cross-Site Scripting via Poller Groups Form Group Name Parameter
CVSS 6.1
CVE-2025-4669 MEDIUM
WP Booking Calendar <= 10.11.1 - Authenticated Stored Cross-Site Scripting via wpbc Shortcode
CVSS 6.4
CVE-2025-3888 MEDIUM
Jupiter X Core <= 4.8.12 - Authenticated Stored Cross-Site Scripting via SVG File Inclusion
CVSS 6.4
CVE-2025-4610 MEDIUM
WP-Members Membership Plugin <3.5.2 - XSS
CVSS 6.4
CVE-2025-4805 MEDIUM
WatchGuard Fireware OS <12.11.1 - XSS
CVE-2025-4804 MEDIUM
WatchGuard Fireware OS <12.11.1 - XSS
CVE-2025-48135 MEDIUM
Aptivada for WP <= 2.0.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-48132 MEDIUM
X Addons for Elementor <= 1.0.16 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48131 MEDIUM
UltraAddons Elementor Lite <2.0.0 - XSS
CVSS 6.5
CVE-2025-48121 MEDIUM
WP Notes Widget <= 1.0.6 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-48113 MEDIUM
Broadstreet Ads <= 1.51.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48112 HIGH
Dot html,php,xml etc pages <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-48080 MEDIUM
Uncanny Owl Uncanny Toolkit for LearnDash <3.7.0.2 - XSS
CVSS 6.5
CVE-2025-47557 MEDIUM
MapSVG <= 8.5.31 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46464 MEDIUM
scripteo Ads Pro Plugin <= 5.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-39537 HIGH
Chimpstudio WP JobHunt - Auth Bypass
CVSS 7.1
Details
Vulnerabilities 45,165
Exploit Likelihood High