CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,173 vulnerabilities with CWE-79
CVE-2025-47201 MEDIUM
Intrexx Portal Server < 12.0.4 - Cross-Site Scripting via Velocity Scripts
CVSS 4.4
CVE-2025-3514 LOW
SureForms < 1.4.4 - Authenticated Stored Cross-Site Scripting in Form Settings
CVSS 3.5
CVE-2025-3513 LOW
SureForms < 1.4.4 - Authenticated Stored Cross-Site Scripting in Form Settings
CVSS 3.5
CVE-2025-3488 MEDIUM
WPML 3.6.0-4.7.3 - Authenticated Stored Cross-Site Scripting via wpml_language_switcher Shortcode
CVSS 6.4
CVE-2025-3858 MEDIUM
Formality <= 1.5.8 - Authenticated Stored Cross-Site Scripting via Align Parameter
CVSS 6.4
CVE-2025-3748 MEDIUM
Taxonomy Chain Menu <= 1.0.8 - Authenticated Stored Cross-Site Scripting via pn_chain_menu Shortcode
CVSS 6.4
CVE-2025-3510 MEDIUM
tagDiv Composer < 5.4 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-4131 MEDIUM
GmapsMania <= 1.1 - Authenticated Stored Cross-Site Scripting via gmap Shortcode
CVSS 6.4
CVE-2025-3670 MEDIUM
KiwiChat NextClient <= 6.2 - Authenticated Stored Cross-Site Scripting via URL Parameter
CVSS 6.4
CVE-2025-3890 MEDIUM
WordPress Simple Shopping Cart <= 5.1.3 - Authenticated Stored Cross-Site Scripting via wp_cart_button Shortcode
CVSS 6.4
CVE-2025-1529 MEDIUM
WordPress AM LottiePlayer <3.5.3 - XSS
CVSS 6.4
CVE-2025-4100 MEDIUM
Nautic Pages <= 2.0 - Authenticated Stored Cross-Site Scripting via np_marinetraffic_map Shortcode
CVSS 6.4
CVE-2025-3504 MEDIUM
WP Maps < 4.7.2 - Authenticated Stored Cross-Site Scripting in Map Settings
CVSS 4.8
CVE-2025-3503 MEDIUM
WP Maps < 4.7.2 - Authenticated Stored Cross-Site Scripting via Map Settings
CVSS 4.8
CVE-2025-3502 MEDIUM
WP Maps < 4.7.2 - Authenticated Stored Cross-Site Scripting in Map Settings
CVSS 4.8
CVE-2025-4099 MEDIUM
List Children <= 2.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-46558 CRITICAL
XWiki 8.2-8.9 - Stored Cross-Site Scripting via Markdown HTML Import
CVSS 9.0
CVE-2025-45015 MEDIUM
PHPGurukul Park Ticketing Management System 2.0 - Stored XSS via foreigner-bwdates-reports-details.php
CVSS 6.1
CVE-2025-45007 MEDIUM
PHPGurukul Timetable Generator System 1.0 - Reflected Cross-Site Scripting via adminname Parameter
CVSS 4.8
CVE-2025-46550 MEDIUM
YesWiki < 4.5.4 - Reflected Cross-Site Scripting via BazaR Endpoint idformulaire Parameter
CVSS 4.3
CVE-2025-46549 MEDIUM
YesWiki < 4.5.4 - Reflected Cross-Site Scripting
CVSS 4.3
CVE-2025-4075 MEDIUM
VMSMan < 20250416 - Cross-Site Scripting via Email Parameter in Login Page
CVSS 4.3
CVE-2025-46350 LOW
YesWiki < 4.5.4 - Reflected Cross-Site Scripting
CVSS 3.5
CVE-2025-46349 HIGH
YesWiki < 4.5.4 - Unauthenticated Reflected Cross-Site Scripting via File Upload Form
CVSS 7.6
CVE-2025-46346 MEDIUM
YesWiki < 4.5.4 - Stored Cross-Site Scripting via Comment Input
CVSS 5.4
Details
Vulnerabilities 45,173
Exploit Likelihood High