CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,165 vulnerabilities with CWE-79
CVE-2025-39509
MEDIUM
TNC FlipBook <= 12.1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-32180
MEDIUM
QuanticaLabs CSS3 Tooltips <1.8 - Info Disclosure
CVSS 6.5
CVE-2025-40632
MEDIUM
Icewarp Mail Server 11.4.0 - Stored Cross-Site Scripting via LastLogin Cookie
CVSS 6.1
CVE-2025-3516
MEDIUM
Simple Lightbox < 2.9.4 - Authenticated Stored Cross-Site Scripting via Unsanitized Attributes
CVSS 5.9
CVE-2025-3201
MEDIUM
kali_forms < 2.4.3 - Authenticated Stored Cross-Site Scripting via Unsanitized Settings
CVSS 5.9
CVE-2025-4745
LOW
Employee Record System 1.0 - Cross-Site Scripting via employeed_id/first_name/middle_name/last_name Parameters
CVSS 3.5
CVE-2025-4744
LOW
Employee Record System 1.0 - Cross-Site Scripting via employeed_id/first_name/middle_name/last_name Parameters
CVSS 3.5
CVE-2025-4169
MEDIUM
Posts per Cat [Unmaintained] <1.4.2 - XSS
CVSS 6.4
CVE-2025-47929
LOW
DumbDrop <db27b25372eb9071e63583d8faed2111a2b79f1b - XSS
CVE-2025-47786
MEDIUM
emlog 2.5.13 - Stored Cross-Site Scripting via perpage_num Parameter
CVSS 4.8
CVE-2025-1454
MEDIUM
Ninja Pages < 1.4.2 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 5.4
CVE-2025-1303
MEDIUM
Plugin Oficial < 1.8.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-1289
MEDIUM
Plugin Oficial WordPress <1.7.3 - XSS
CVSS 4.8
CVE-2025-1286
MEDIUM
Download HTML TinyMCE Button < 1.2 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-1033
MEDIUM
Badgearoo < 1.0.14 - Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2025-0688
MEDIUM
WordPress Spiritual Gifts Survey <0.9.10 - XSS
CVSS 6.1
CVE-2025-0687
MEDIUM
Spirituual Gifts Survey <0.9.10 - XSS
CVSS 6.1
CVE-2025-0329
MEDIUM
AI ChatBot for WordPress <6.2.4 - XSS
CVSS 4.8
CVE-2025-44110
MEDIUM
FluxBB 1.5.11 - Stored Cross-Site Scripting via Forum Description Field
CVSS 5.4
CVE-2025-1647
MEDIUM
Bootstrap 3.4.1-4.0.0 - Cross-Site Scripting
CVSS 5.6
CVE-2025-48051
MEDIUM
Lichess powertip.ts < 2025-03-27 - Cross-Site Scripting via innerHTML DOM Node Text Extraction
CVSS 4.7
CVE-2025-3440
MEDIUM
IBM Security Guardium 11.5 - Stored Cross-Site Scripting
CVSS 5.5
CVE-2025-44183
MEDIUM
Phpgurukul Vehicle Record Management System 1.0 - Stored Cross-Site Scripting via Profile Parameters
CVSS 6.1
CVE-2025-44182
MEDIUM
Phpgurukul Vehicle Record Management System 1.0 - Stored Cross-Site Scripting via Edit Vehicle Parameters
CVSS 6.1
CVE-2025-44181
MEDIUM
Phpgurukul Vehicle Record Management System 1.0 - Stored Cross-Site Scripting via Brand Name Parameter
CVSS 6.1
Details
Vulnerabilities
45,165
Exploit Likelihood
High