CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,190 vulnerabilities with CWE-79
CVE-2025-46260
MEDIUM
Sky Addons for Elementor <= 3.0.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46234
HIGH
Habibur Rahman Razib Control Listings <1.0.4.1 - XSS
CVSS 7.1
CVE-2025-39408
HIGH
EverPress BruteGuard < 0.1.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-39400
HIGH
User Registration < 4.2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-39397
HIGH
Anything Popup <= 7.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-39382
HIGH
danielpataki ACF: Google Font Selector <3.0.1 - XSS
CVSS 7.1
CVE-2025-29568
MEDIUM
Online Class and Exam Scheduling System 1.0 - Cross-Site Scripting via class Parameter
CVSS 4.8
CVE-2025-3832
MEDIUM
FuseDesk plugin - WordPress <6.7 - XSS
CVSS 6.4
CVE-2025-2579
MEDIUM
Lottie Player < 1.1.8 - Authenticated Stored Cross-Site Scripting via File Uploads
CVSS 6.4
CVE-2025-2543
MEDIUM
Advanced Accordion Gutenberg Block <5.0.1 - XSS
CVSS 6.4
CVE-2025-1453
MEDIUM
Category Posts Widget < 4.9.20 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2025-3435
MEDIUM
Mang Board WP <= 1.8.6 - Authenticated Stored Cross-Site Scripting via board_header and board_footer Parameters
CVSS 4.4
CVE-2025-3902
MEDIUM
Drupal Block Class 4.0.0-4.0.1 - Cross-Site Scripting
CVSS 6.1
CVE-2025-3901
MEDIUM
Drupal Bootstrap Site Alert <1.13.0-3.0.4 - XSS
CVSS 6.1
CVE-2025-3900
MEDIUM
Colorbox < 2.1.3 - Cross-Site Scripting
CVSS 6.1
CVE-2025-2767
CRITICAL
Arista NG Firewall - Remote Code Execution via User-Agent HTTP Header
CVSS 9.6
CVE-2025-29526
MEDIUM
Q4 Inc Investor Relations Platform <5.147.1.2 - XSS
CVSS 6.1
CVE-2025-2703
MEDIUM
Grafana 11.2.0-11.6.0 - Authenticated DOM Cross-Site Scripting via XY Chart Panel
CVSS 6.8
CVE-2025-1054
MEDIUM
UiCore Elements - WordPress <1.0.16 - XSS
CVSS 6.4
CVE-2025-26159
MEDIUM
laravel-starter < 11.11.0 - Stored Cross-Site Scripting in Tags Feature
CVSS 6.1
CVE-2025-43952
MEDIUM
Mettler Toledo FreeWeight.Net <8.4.0 - XSS
CVSS 6.1
CVE-2025-32961
MEDIUM
Com.haulmont.addon.jpawebapi Jpawebapi-jpawebapi < 1.1.1 - XSS
CVSS 6.4
CVE-2025-32960
MEDIUM
CUBA REST API < 7.2.7 - Stored Cross-Site Scripting via File Path Manipulation
CVSS 6.4
CVE-2025-32951
MEDIUM
Haulmont Cuba Platform < 7.2.23 - XSS
CVSS 6.4
CVE-2025-23175
MEDIUM
TCExam - Cross-Site Scripting
CVSS 6.1
Details
Vulnerabilities
45,190
Exploit Likelihood
High