CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,190 vulnerabilities with CWE-79
CVE-2025-3458
MEDIUM
Ocean Extra <= 2.4.6 - Authenticated Stored Cross-Site Scripting via ocean_gallery_id Parameter
CVSS 6.4
CVE-2025-3457
MEDIUM
Ocean Extra < 2.4.6 - Authenticated Stored Cross-Site Scripting via oceanwp_icon Shortcode
CVSS 6.4
CVE-2025-46254
MEDIUM
Visual Composer Website Builder <= 45.10.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46253
MEDIUM
GutenKit <= 2.2.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46250
MEDIUM
VPSUForm <= 3.1.14 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-46240
MEDIUM
Jeff Starr Simple Download Counter <2.2 - XSS
CVSS 6.5
CVE-2025-46239
MEDIUM
Jeff Starr Theme Switcha <3.4 - XSS
CVSS 6.5
CVE-2025-46238
MEDIUM
rbaer List Last Changes <1.2.1 - XSS
CVSS 6.5
CVE-2025-46237
MEDIUM
Yannick Lefebvre Link Library <7.8 - XSS
CVSS 6.5
CVE-2025-46236
MEDIUM
Link Software LLC HTML Forms <1.5.2 - XSS
CVSS 6.5
CVE-2025-46235
MEDIUM
sonalsinha21 SKT Blocks - Gutenberg <2.0 - XSS
CVSS 6.5
CVE-2025-46233
MEDIUM
Sirv <= 7.5.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46229
MEDIUM
Textmetrics <= 3.6.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-46228
MEDIUM
Bastien Ho Event post <5.9.11 - XSS
CVSS 6.5
CVE-2025-46227
MEDIUM
Brecht Custom Related Posts <1.7.4 - XSS
CVSS 6.5
CVE-2025-46226
MEDIUM
ferranfg MPL-Publisher <2.18.0 - XSS
CVSS 6.5
CVE-2025-46225
MEDIUM
Post in page for Elementor <= 1.0.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-3814
MEDIUM
Tax Switch for WooCommerce <1.4.2 - XSS
CVSS 6.4
CVE-2025-2839
MEDIUM
WP Import Export Lite <= 3.9.27 - Authenticated Stored Cross-Site Scripting via wpiePreviewData Function
CVSS 6.4
CVE-2025-28102
MEDIUM
flaskBlog 2.6.1 - Stored Cross-Site Scripting via Post Content Parameter
CVSS 6.1
CVE-2025-28121
MEDIUM
Online Exam Mastering System 1.0 - Cross-Site Scripting via Feedback q Parameter
CVSS 6.1
CVE-2025-3840
LOW
Saviynt OVA based Connect - Cross-Site Scripting via Login Form Action Parameter
CVE-2025-43954
MEDIUM
QMarkdown < 2.0.5 - Cross-Site Scripting via Headers
CVSS 4.9
CVE-2025-3826
LOW
Web-based Pharmacy Product Management System 1.0 - Cross-Site Scripting via txtsupplier_name/txtaddress Parameter
CVSS 2.4
CVE-2025-3825
LOW
Web-based Pharmacy Product Management System 1.0 - Cross-Site Scripting via txtcategory_name Parameter
CVSS 2.4
Details
Vulnerabilities
45,190
Exploit Likelihood
High