CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,198 vulnerabilities with CWE-79
CVE-2025-30970
HIGH
Easy Contact <= 0.1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-29471
HIGH
Nagios Log Server 2024R1.3.1 - Cross-Site Scripting via Email Field
CVSS 8.3
CVE-2025-26998
MEDIUM
SKT Blocks <= 1.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26951
MEDIUM
C9 Blocks <= 1.7.7 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-26950
MEDIUM
AddonsPress Nepali Date Converter <2.0.8 - XSS
CVSS 6.5
CVE-2025-26934
MEDIUM
Glossy Blog <= 1.0.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26930
MEDIUM
Alleythemes Home Services <1.2.6 - XSS
CVSS 6.5
CVE-2025-26919
MEDIUM
Tain < 0.2.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26906
MEDIUM
Ren Ventura WP Delete User Accounts <1.2.3 - XSS
CVSS 6.5
CVE-2025-26880
MEDIUM
sonalsinha21 SKT Skill Bar <2.3 - XSS
CVSS 6.5
CVE-2025-26870
MEDIUM
JetEngine <= 3.6.4.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-26749
MEDIUM
WPFactory Additional Custom Product Tabs for WooCommerce <1.7.0 - XSS
CVSS 6.5
CVE-2025-26746
HIGH
NotFound Advanced Custom Fields: Link Picker Field <1.2.8 - XSS
CVSS 7.1
CVE-2025-26740
MEDIUM
SpaBiz <= 1.0.18 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-24297
CRITICAL
Growatt Cloud Portal < 3.6.0 - Stored Cross-Site Scripting
CVSS 9.8
CVE-2025-22269
MEDIUM
ShapedPlugin LLC Real Testimonials <3.1.6 - XSS
CVSS 6.5
CVE-2025-22268
MEDIUM
Uncanny Toolkit for LearnDash <3.7.0.1 - XSS
CVSS 6.5
CVE-2025-22263
HIGH
Global Gallery < 8.8.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30511
HIGH
Growatt Cloud Portal <= 3.6.0 - Stored XSS
CVSS 8.8
CVE-2025-29280
MEDIUM
PerfreeBlog 4.0.11 - Stored Cross-Site Scripting in Website Name Field
CVSS 4.8
CVE-2025-31011
HIGH
ReichertBrothers SimplyRETS <3.0.3 - XSS
CVSS 7.1
CVE-2025-30962
HIGH
FS Poster <= 6.5.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26992
HIGH
Landing Page Cat <= 1.7.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26982
MEDIUM
DSGVO Youtube <= 1.5.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-26954
HIGH
ZooEffect <= 1.11 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities
45,198
Exploit Likelihood
High