CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,190 vulnerabilities with CWE-79
CVE-2025-3824
LOW
Web-based Pharmacy Product Management System 1.0 - Stored Cross-Site Scripting via txtprice/txtproduct_name Parameters
CVSS 2.4
CVE-2025-3823
LOW
Web-based Pharmacy Product Management System 1.0 - Cross-Site Scripting via add-stock.php Parameters
CVSS 2.4
CVE-2025-3822
LOW
SourceCodester Web-based Pharmacy Product Management System 1.0 - XSS via changepassword.php
CVSS 2.4
CVE-2025-3821
LOW
Web-based Pharmacy Product Management System 1.0 - Stored Cross-Site Scripting via add-admin.php Input Fields
CVSS 2.4
CVE-2025-3806
LOW
dazhouda lecms <= 3.0.3 - Cross-Site Scripting in Edit Profile Handler
CVSS 2.4
CVE-2025-3801
LOW
songquanpeng one-api <= 0.6.10 - Cross-Site Scripting via Homepage Content/About System/Footer
CVSS 2.4
CVE-2025-3661
MEDIUM
SB Chart block <= 1.2.6 - Authenticated Stored Cross-Site Scripting via className Parameter
CVSS 6.4
CVE-2025-3809
HIGH
WordPress Debug Log Manager <2.3.4 - XSS
CVSS 7.2
CVE-2025-3275
MEDIUM
Themesflat Addons For Elementor <2.2.5 - XSS
CVSS 6.4
CVE-2025-1457
MEDIUM
Element Pack Addons for Elementor < 5.10.28 - Authenticated Stored XSS via Widgets
CVSS 6.4
CVE-2025-3795
LOW
DaiCuo 1.3.13 - Cross-Site Scripting in SEO Optimization Settings Section
CVSS 2.4
CVE-2025-29513
MEDIUM
NodeBB < 4.0.4 - Stored Cross-Site Scripting in Admin API Access Token Generator
CVSS 6.1
CVE-2025-29512
MEDIUM
NodeBB < 4.0.4 - Stored Cross-Site Scripting via Blacklist IP Functionality
CVSS 6.1
CVE-2025-3789
LOW
JSite 1.0 - Cross-Site Scripting via Name Parameter in /a/sys/area/save
CVSS 3.5
CVE-2025-3788
LOW
JSite 1.0 - Cross-Site Scripting via Name Parameter in /a/sys/user/save
CVSS 3.5
CVE-2025-3106
MEDIUM
LA-Studio Element Kit for Elementor < 1.4.9 - Authenticated Stored Cross-Site Scripting via Table of Contents Widget
CVSS 6.4
CVE-2025-3056
MEDIUM
WordPress Download Manager <3.3.12 - XSS
CVSS 5.4
CVE-2025-3598
MEDIUM
Coupon Affiliates Affiliate Plugin - WooCommerce < .6.3.0 - XSS
CVSS 6.1
CVE-2025-2162
MEDIUM
MapPress Maps for WordPress <2.94.10 - XSS
CVSS 4.8
CVE-2025-39469
HIGH
Pantherius Modal Survey <2.0.2.0.1 - XSS
CVSS 7.1
CVE-2025-2613
MEDIUM
Login Manager <= 2.0.5 - Authenticated Stored XSS via Custom Logo/Background URLs
CVSS 4.4
CVE-2025-25427
MEDIUM
TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 - Stored Cross-Site Scripting via UPnP Port Mapping Description
CVSS 5.4
CVE-2025-3246
HIGH
GitHub Enterprise Server <3.16.1 - XSS
CVSS 7.6
CVE-2025-39594
HIGH
Bob Arigato Autoresponder & Newsletter <2.7.2.4 - XSS
CVSS 7.1
CVE-2025-39567
HIGH
Shamalli Web Directory Free <1.7.8 - XSS
CVSS 7.1
Details
Vulnerabilities
45,190
Exploit Likelihood
High