CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,198 vulnerabilities with CWE-79
CVE-2025-26745
MEDIUM
RS Elements Elementor Addon <1.1.5 - XSS
CVSS 6.5
CVE-2025-26744
MEDIUM
JetBlog <= 2.4.3 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-26743
HIGH
TC.K Advance WP Query Search Filter <1.0.10 - XSS
CVSS 7.1
CVE-2025-2083
MEDIUM
Logo Carousel Gutenberg Block <2.1.6 - XSS
CVSS 6.4
CVE-2025-2225
MEDIUM
Responsive Addons for Elementor < 1.6.9 - Authenticated Stored Cross-Site Scripting via rael_title_tag Parameter
CVSS 6.4
CVE-2025-3573
MEDIUM
jquery-validation < 1.20.0 - Cross-Site Scripting via showLabel Function
CVSS 6.1
CVE-2025-3613
LOW
Demtec Graphytics 5.0.7 - Cross-Site Scripting via Visualization Description Parameter
CVSS 3.5
CVE-2025-3612
MEDIUM
Demtec Graphytics 5.0.7 - Cross-Site Scripting via HTTP GET Parameter Handler
CVSS 4.3
CVE-2025-3592
LOW
My-Blog-layui 1.0 - Cross-Site Scripting in /admin/v1/link/edit
CVSS 3.5
CVE-2025-3591
LOW
ZHENFENG13 My-Blog-layui 1.0 - Cross-Site Scripting in /admin/v1/blog/edit
CVSS 3.5
CVE-2025-22373
HIGH
SicommNet BASEC >= 14 Dec 2021 - Reflected Cross-Site Scripting via HTTP Query Strings
CVE-2025-3570
LOW
JamesZBL db-hospital-drug 1.0 - Cross-Site Scripting in ContentController Save Function
CVSS 3.5
CVE-2025-2161
HIGH
Pega Platform 7.2.1-8.5.5 - Stored Cross-Site Scripting in Mashup
CVSS 7.1
CVE-2025-2160
HIGH
Pega Platform 8.4.3-Infinity 24.2.1 - Cross-Site Scripting in Mashup
CVSS 8.1
CVE-2025-3568
LOW
Webkul Krayin CRM <= 2.1.0 - Cross-Site Scripting in SVG File Handler
CVSS 3.5
CVE-2025-3560
LOW
ghostxbh uzy-ssm-mall 1.0.0 - Cross-Site Scripting via product_name Parameter
CVSS 3.5
CVE-2025-3554
MEDIUM
phpshe 1.8 - Cross-Site Scripting via api.php?mod=cron&act=buyer Parameter
CVSS 4.3
CVE-2025-3423
MEDIUM
IBM Aspera Faspex 5.0.0-5.0.11 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-3533
MEDIUM
YouDianCMS 9.5.21 - Cross-Site Scripting via Parent Argument in Channel Index
CVSS 4.3
CVE-2025-3532
MEDIUM
YouDianCMS 9.5.21 - Cross-Site Scripting via OrderNumber Parameter
CVSS 4.3
CVE-2025-3531
MEDIUM
YouDianCMS 9.5.21 - Cross-Site Scripting via UserName/LogType Argument
CVSS 4.3
CVE-2025-1456
MEDIUM
Royal Elementor Addons < 1.7.1013 - Authenticated Stored XSS via widget Methods
CVSS 6.4
CVE-2025-1455
MEDIUM
Royal Elementor Addons < 1.7.1013 - Authenticated Stored Cross-Site Scripting via Woo Grid Widget
CVSS 6.4
CVE-2025-3276
MEDIUM
SKT Blocks - Gutenberg based Page Builder <= 1.9 - Authenticated Stored Cross-Site Scripting via Post Carousel Block
CVSS 6.4
CVE-2025-2269
MEDIUM
The Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin f...
CVSS 6.1
Details
Vulnerabilities
45,198
Exploit Likelihood
High