CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,198 vulnerabilities with CWE-79
CVE-2025-32580
HIGH
Debounce Email Validator <5.7.1 - XSS
CVSS 7.1
CVE-2025-32570
HIGH
ChillPay WooCommerce <= 2.5.3 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-32543
HIGH
hivedigital Canonical Attachments <1.7 - XSS
CVSS 7.1
CVE-2025-32503
HIGH
Jose Conti Link Shield <0.5.4 - XSS
CVSS 7.1
CVE-2025-32495
MEDIUM
Joe Waymark <= 1.5.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-32493
MEDIUM
VibeThemes BP Social Connect <1.6.2 - XSS
CVSS 5.9
CVE-2025-32492
MEDIUM
Eliot Akira Admin Menu Post List <2.0.7 - XSS
CVSS 5.9
CVE-2025-32489
MEDIUM
Tim Wetterwarner < 2.7.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-32488
MEDIUM
Aria Font <= 1.4 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-32483
MEDIUM
Scott Salisbury Request Call Back <1.4.1 - XSS
CVSS 5.9
CVE-2025-31394
HIGH
More Mime Type Filters <= 0.3 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-31035
MEDIUM
Benjamin Chris WP Editor <10.2.1 - XSS
CVSS 5.9
CVE-2025-31020
MEDIUM
Webliberty Simple Spoiler <1.4 - XSS
CVSS 6.5
CVE-2025-31017
MEDIUM
Nav Menu Manager <= 3.2.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31008
MEDIUM
YouTube Embed <= 5.3.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-32379
MEDIUM
koa < 2.16.1 and < 3.0.0-alpha.5 - Cross-Site Scripting via ctx.redirect()
CVSS 5.0
CVE-2025-29389
MEDIUM
PbootCMS v3.2.9 - Stored Cross-Site Scripting in Admin Content Management
CVSS 6.1
CVE-2025-3100
MEDIUM
WP Project Manager < 2.6.23 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2025-30292
MEDIUM
ColdFusion 2023.12 2021.18 2025.0 and earlier - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-27205
MEDIUM
Adobe Experience Manager Screens <FP11.3 - XSS
CVSS 5.4
CVE-2025-32211
MEDIUM
Broadstreet Ads <= 1.52.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-32117
HIGH
OTWthemes Widgetize Pages Light <3.0 - XSS
CVSS 7.1
CVE-2025-27442
MEDIUM
Zoom Meeting SDK < 6.3.10 and Rooms < 6.4.0 - Unauthenticated Cross-Site Scripting
CVSS 4.6
CVE-2025-27441
MEDIUM
Zoom Meeting SDK < 6.3.10 and Rooms < 6.4.0 - Unauthenticated Cross-Site Scripting
CVSS 4.6
CVE-2025-27084
MEDIUM
AOS-10 GW/AOS-8 Controller/Mobility Conductor - XSS
CVSS 5.4
Details
Vulnerabilities
45,198
Exploit Likelihood
High