CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,198 vulnerabilities with CWE-79
CVE-2025-22771 MEDIUM
The Great Firewords of China <= 1.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22692 HIGH
Sponsered Link <= 4.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22651 HIGH
wppluginboxdev Stylish Google Sheet Reader <4.0 - XSS
CVSS 7.1
CVE-2025-22636 HIGH
VR-Frases <= 4.0.1 - Reflected Cross-Site Scripting
CVSS 8.2
CVE-2025-22565 HIGH
vooPlayer v4 <= 4.0.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22340 MEDIUM
Think201 Data Dash <= 1.2.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-29015 MEDIUM
Code Astro Internet Banking System 2.0.0 - Cross-Site Scripting via Name Parameter
CVSS 6.1
CVE-2025-3760 MEDIUM
Liferay Portal 7.2.0-7.4.3.129 & DXP 2024.Q4.1-2024.Q4.7 - Authenticated Stored XSS in Radio Button Fields
CVSS 5.4
CVE-2025-3487 MEDIUM
Forminator Forms < 1.42.0 - Authenticated Stored Cross-Site Scripting via Limit Parameter
CVSS 6.4
CVE-2025-3615 MEDIUM
Fluent Forms < 6.0.2 - Authenticated Stored Cross-Site Scripting via form-submission.js
CVSS 6.4
CVE-2025-1525 LOW
Ultimate Dashboard < 3.8.6 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 3.5
CVE-2025-1524 LOW
Ultimate Dashboard < 3.8.6 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 3.5
CVE-2025-1523 LOW
Ultimate Dashboard < 3.8.6 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 3.5
CVE-2025-24909 MEDIUM
Hitachi Vantara Pentaho Business Analytics Server <10.2.0.2 - XSS
CVSS 4.4
CVE-2025-0757 MEDIUM
Hitachi Vantara Pentaho Business Analytics Server <10.2.0.2 - XSS
CVSS 4.4
CVE-2025-29710 MEDIUM
SourceCodester Company Website CMS 1.0 - Stored Cross-Site Scripting via Dashboard Services
CVSS 6.1
CVE-2025-26153 MEDIUM
Chamilo LMS 1.11.28 - Stored Cross-Site Scripting in Message Compose Feature
CVSS 5.4
CVE-2025-3733 MEDIUM
Drupal baguetteBox.JS <2.0.4, <3.0.1 - XSS
CVSS 6.5
CVE-2025-3692 LOW
SourceCodester Online Eyewear Shop 1.0 - Cross-Site Scripting in Master.php save_product
CVSS 2.4
CVE-2025-39590 MEDIUM
Essential Addons for Elementor <= 6.1.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-39585 MEDIUM
Themefic Travelfic Toolkit <1.2.1 - XSS
CVSS 6.5
CVE-2025-39582 MEDIUM
Passionate Programmer Peter WP Data Access <5.5.36 - XSS
CVSS 6.5
CVE-2025-39581 MEDIUM
Themify Shortcodes <= 2.1.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-39579 MEDIUM
WP Swings Membership For WooCommerce <2.8.0 - XSS
CVSS 6.5
CVE-2025-39578 MEDIUM
CyberChimps Responsive Blocks <2.0.2 - XSS
CVSS 6.5
Details
Vulnerabilities 45,198
Exploit Likelihood High