CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,173 vulnerabilities with CWE-79
CVE-2025-47201
MEDIUM
Intrexx Portal Server < 12.0.4 - Cross-Site Scripting via Velocity Scripts
CVSS 4.4
CVE-2025-3514
LOW
SureForms < 1.4.4 - Authenticated Stored Cross-Site Scripting in Form Settings
CVSS 3.5
CVE-2025-3513
LOW
SureForms < 1.4.4 - Authenticated Stored Cross-Site Scripting in Form Settings
CVSS 3.5
CVE-2025-3488
MEDIUM
WPML 3.6.0-4.7.3 - Authenticated Stored Cross-Site Scripting via wpml_language_switcher Shortcode
CVSS 6.4
CVE-2025-3858
MEDIUM
Formality <= 1.5.8 - Authenticated Stored Cross-Site Scripting via Align Parameter
CVSS 6.4
CVE-2025-3748
MEDIUM
Taxonomy Chain Menu <= 1.0.8 - Authenticated Stored Cross-Site Scripting via pn_chain_menu Shortcode
CVSS 6.4
CVE-2025-3510
MEDIUM
tagDiv Composer < 5.4 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-4131
MEDIUM
GmapsMania <= 1.1 - Authenticated Stored Cross-Site Scripting via gmap Shortcode
CVSS 6.4
CVE-2025-3670
MEDIUM
KiwiChat NextClient <= 6.2 - Authenticated Stored Cross-Site Scripting via URL Parameter
CVSS 6.4
CVE-2025-3890
MEDIUM
WordPress Simple Shopping Cart <= 5.1.3 - Authenticated Stored Cross-Site Scripting via wp_cart_button Shortcode
CVSS 6.4
CVE-2025-1529
MEDIUM
WordPress AM LottiePlayer <3.5.3 - XSS
CVSS 6.4
CVE-2025-4100
MEDIUM
Nautic Pages <= 2.0 - Authenticated Stored Cross-Site Scripting via np_marinetraffic_map Shortcode
CVSS 6.4
CVE-2025-3504
MEDIUM
WP Maps < 4.7.2 - Authenticated Stored Cross-Site Scripting in Map Settings
CVSS 4.8
CVE-2025-3503
MEDIUM
WP Maps < 4.7.2 - Authenticated Stored Cross-Site Scripting via Map Settings
CVSS 4.8
CVE-2025-3502
MEDIUM
WP Maps < 4.7.2 - Authenticated Stored Cross-Site Scripting in Map Settings
CVSS 4.8
CVE-2025-4099
MEDIUM
List Children <= 2.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-46558
CRITICAL
XWiki 8.2-8.9 - Stored Cross-Site Scripting via Markdown HTML Import
CVSS 9.0
CVE-2025-45015
MEDIUM
PHPGurukul Park Ticketing Management System 2.0 - Stored XSS via foreigner-bwdates-reports-details.php
CVSS 6.1
CVE-2025-45007
MEDIUM
PHPGurukul Timetable Generator System 1.0 - Reflected Cross-Site Scripting via adminname Parameter
CVSS 4.8
CVE-2025-46550
MEDIUM
YesWiki < 4.5.4 - Reflected Cross-Site Scripting via BazaR Endpoint idformulaire Parameter
CVSS 4.3
CVE-2025-46549
MEDIUM
YesWiki < 4.5.4 - Reflected Cross-Site Scripting
CVSS 4.3
CVE-2025-4075
MEDIUM
VMSMan < 20250416 - Cross-Site Scripting via Email Parameter in Login Page
CVSS 4.3
CVE-2025-46350
LOW
YesWiki < 4.5.4 - Reflected Cross-Site Scripting
CVSS 3.5
CVE-2025-46349
HIGH
YesWiki < 4.5.4 - Unauthenticated Reflected Cross-Site Scripting via File Upload Form
CVSS 7.6
CVE-2025-46346
MEDIUM
YesWiki < 4.5.4 - Stored Cross-Site Scripting via Comment Input
CVSS 5.4
Details
Vulnerabilities
45,173
Exploit Likelihood
High