CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,173 vulnerabilities with CWE-79
CVE-2025-46459
MEDIUM
Ralf Hortt Confirm User Registration <2.1.5 - XSS
CVSS 5.9
CVE-2025-46453
MEDIUM
Zoho Creator Forms < 1.0.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46451
MEDIUM
Syed Balkhi Floating Social Bar <1.1.7 - XSS
CVSS 5.9
CVE-2025-46449
HIGH
Novium WoWHead Tooltips <2.0.1 - XSS
CVSS 7.1
CVE-2025-46447
MEDIUM
Fable Extra <= 1.0.6 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-46445
MEDIUM
pReya External Markdown <0.0.1 - XSS
CVSS 6.5
CVE-2025-46438
MEDIUM
warmwhisky GTDB Guitar Tuners <4.2.2 - XSS
CVSS 6.5
CVE-2025-46261
MEDIUM
Seriously Simple Podcasting <3.9.0 - XSS
CVSS 5.9
CVE-2025-46260
MEDIUM
Sky Addons for Elementor <= 3.0.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46234
HIGH
Habibur Rahman Razib Control Listings <1.0.4.1 - XSS
CVSS 7.1
CVE-2025-39408
HIGH
EverPress BruteGuard < 0.1.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-39400
HIGH
User Registration < 4.2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-39397
HIGH
Anything Popup <= 7.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-39382
HIGH
danielpataki ACF: Google Font Selector <3.0.1 - XSS
CVSS 7.1
CVE-2025-29568
MEDIUM
Online Class and Exam Scheduling System 1.0 - Cross-Site Scripting via class Parameter
CVSS 4.8
CVE-2025-3832
MEDIUM
FuseDesk plugin - WordPress <6.7 - XSS
CVSS 6.4
CVE-2025-2579
MEDIUM
Lottie Player < 1.1.8 - Authenticated Stored Cross-Site Scripting via File Uploads
CVSS 6.4
CVE-2025-2543
MEDIUM
Advanced Accordion Gutenberg Block <5.0.1 - XSS
CVSS 6.4
CVE-2025-1453
MEDIUM
Category Posts Widget < 4.9.20 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2025-3435
MEDIUM
Mang Board WP <= 1.8.6 - Authenticated Stored Cross-Site Scripting via board_header and board_footer Parameters
CVSS 4.4
CVE-2025-3902
MEDIUM
Drupal Block Class 4.0.0-4.0.1 - Cross-Site Scripting
CVSS 6.1
CVE-2025-3901
MEDIUM
Drupal Bootstrap Site Alert <1.13.0-3.0.4 - XSS
CVSS 6.1
CVE-2025-3900
MEDIUM
Colorbox < 2.1.3 - Cross-Site Scripting
CVSS 6.1
CVE-2025-2767
CRITICAL
Arista NG Firewall - Remote Code Execution via User-Agent HTTP Header
CVSS 9.6
CVE-2025-29526
MEDIUM
Q4 Inc Investor Relations Platform <5.147.1.2 - XSS
CVSS 6.1
Details
Vulnerabilities
45,173
Exploit Likelihood
High