CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,173 vulnerabilities with CWE-79
CVE-2025-2069
MEDIUM
FileZ Client < 11.0.0.10 - Cross-Site Scripting via Crafted URL
CVSS 5.0
CVE-2025-46618
LOW
JetBrains TeamCity <2025.03.1 - XSS
CVSS 3.5
CVE-2025-3643
MEDIUM
Moodle < 4.1.18 - Reflected Cross-Site Scripting in Policy Tool Return URL
CVSS 5.4
CVE-2025-2986
MEDIUM
IBM Maximo Asset Mgmt <7.6.1.3 - XSS
CVSS 5.5
CVE-2025-3870
MEDIUM
1 Decembrie 1918 <1.dec.2012 - CSRF
CVSS 6.1
CVE-2025-46482
MEDIUM
MyThemeShop WP Quiz <= 2.0.10 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-3868
MEDIUM
Custom Admin-Bar Favorites <0.1 - XSS
CVSS 6.1
CVE-2025-3867
MEDIUM
Ajax Comment Form CST <= 1.2 - Cross-Site Request Forgery and Stored Cross-Site Scripting via acform_cst_settings Page
CVSS 6.1
CVE-2025-3866
MEDIUM
WordPress Add Google +1 <1.0.0 - CSRF
CVSS 6.1
CVE-2025-2580
MEDIUM
The Contact Form by Bit Form plugin - WordPress <2.18.3 - XSS
CVSS 4.9
CVE-2025-0671
MEDIUM
Icegram Express < 5.7.50 - Authenticated Stored Cross-Site Scripting in Template Settings
CVSS 6.1
CVE-2025-3752
MEDIUM
Able Player < 1.2.1 - Authenticated Stored Cross-Site Scripting via Preload Parameter
CVSS 6.4
CVE-2025-46595
MEDIUM
Backdrop CMS Flag < 1.x-3.6.2 - Cross-Site Scripting via Flag Link Injection
CVSS 6.4
CVE-2025-46545
MEDIUM
Sherpa Orchestrator 141851 - Stored Cross-Site Scripting via License Name Parameter
CVSS 4.4
CVE-2025-3749
MEDIUM
WordPress Breeze Display <1.2.3 - XSS
CVSS 6.4
CVE-2025-1294
HIGH
eForm - WordPress Form Builder <4.18.0 - XSS
CVSS 7.2
CVE-2025-43861
MEDIUM
ManageWiki < 2025-04-24 - Authenticated Stored Cross-Site Scripting in Review Dialog
CVSS 4.4
CVE-2025-46542
MEDIUM
ThemeXpert Xpert Tab <= 1.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46541
MEDIUM
WP-reCAPTCHA-bp <= 4.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-46540
MEDIUM
GNA Search Shortcode <= 0.9.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46538
MEDIUM
webplanetsoft Inline Text Popup <1.0.0 - XSS
CVSS 6.5
CVE-2025-46536
MEDIUM
Carousel-of-post-images <1.07 - XSS
CVSS 6.5
CVE-2025-46534
MEDIUM
DanielRiera Image Style Hover <1.0.7 - XSS
CVSS 6.5
CVE-2025-46533
MEDIUM
Landing pages and Domain aliases for WordPress <= 0.8 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-46532
MEDIUM
Haris Zulfiqar Tooltip <1.0.1 - XSS
CVSS 6.5
Details
Vulnerabilities
45,173
Exploit Likelihood
High