CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,198 vulnerabilities with CWE-79
CVE-2025-22771
MEDIUM
The Great Firewords of China <= 1.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22692
HIGH
Sponsered Link <= 4.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22651
HIGH
wppluginboxdev Stylish Google Sheet Reader <4.0 - XSS
CVSS 7.1
CVE-2025-22636
HIGH
VR-Frases <= 4.0.1 - Reflected Cross-Site Scripting
CVSS 8.2
CVE-2025-22565
HIGH
vooPlayer v4 <= 4.0.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22340
MEDIUM
Think201 Data Dash <= 1.2.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-29015
MEDIUM
Code Astro Internet Banking System 2.0.0 - Cross-Site Scripting via Name Parameter
CVSS 6.1
CVE-2025-3760
MEDIUM
Liferay Portal 7.2.0-7.4.3.129 & DXP 2024.Q4.1-2024.Q4.7 - Authenticated Stored XSS in Radio Button Fields
CVSS 5.4
CVE-2025-3487
MEDIUM
Forminator Forms < 1.42.0 - Authenticated Stored Cross-Site Scripting via Limit Parameter
CVSS 6.4
CVE-2025-3615
MEDIUM
Fluent Forms < 6.0.2 - Authenticated Stored Cross-Site Scripting via form-submission.js
CVSS 6.4
CVE-2025-1525
LOW
Ultimate Dashboard < 3.8.6 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 3.5
CVE-2025-1524
LOW
Ultimate Dashboard < 3.8.6 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 3.5
CVE-2025-1523
LOW
Ultimate Dashboard < 3.8.6 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 3.5
CVE-2025-24909
MEDIUM
Hitachi Vantara Pentaho Business Analytics Server <10.2.0.2 - XSS
CVSS 4.4
CVE-2025-0757
MEDIUM
Hitachi Vantara Pentaho Business Analytics Server <10.2.0.2 - XSS
CVSS 4.4
CVE-2025-29710
MEDIUM
SourceCodester Company Website CMS 1.0 - Stored Cross-Site Scripting via Dashboard Services
CVSS 6.1
CVE-2025-26153
MEDIUM
Chamilo LMS 1.11.28 - Stored Cross-Site Scripting in Message Compose Feature
CVSS 5.4
CVE-2025-3733
MEDIUM
Drupal baguetteBox.JS <2.0.4, <3.0.1 - XSS
CVSS 6.5
CVE-2025-3692
LOW
SourceCodester Online Eyewear Shop 1.0 - Cross-Site Scripting in Master.php save_product
CVSS 2.4
CVE-2025-39590
MEDIUM
Essential Addons for Elementor <= 6.1.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-39585
MEDIUM
Themefic Travelfic Toolkit <1.2.1 - XSS
CVSS 6.5
CVE-2025-39582
MEDIUM
Passionate Programmer Peter WP Data Access <5.5.36 - XSS
CVSS 6.5
CVE-2025-39581
MEDIUM
Themify Shortcodes <= 2.1.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-39579
MEDIUM
WP Swings Membership For WooCommerce <2.8.0 - XSS
CVSS 6.5
CVE-2025-39578
MEDIUM
CyberChimps Responsive Blocks <2.0.2 - XSS
CVSS 6.5
Details
Vulnerabilities
45,198
Exploit Likelihood
High