CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,211 vulnerabilities with CWE-79
CVE-2025-32162 MEDIUM
Morgan Kay Chamber Dashboard Business Directory <3.3.11 - XSS
CVSS 6.5
CVE-2025-32161 MEDIUM
Arkhe Blocks <= 2.27.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-32136 MEDIUM
ActiveCampaign <= 8.1.16 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-32135 MEDIUM
rocketelements Split Test For Elementor <1.8.3 - XSS
CVSS 5.9
CVE-2025-32134 MEDIUM
KaizenCoders URL Shortify <1.10.4 - XSS
CVSS 5.9
CVE-2025-32133 MEDIUM
Ays Pro Secure Copy Content Protection & Content Locking <4.5.1 - XSS
CVSS 5.9
CVE-2025-32132 MEDIUM
FunnelCockpit <= 1.4.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-32131 MEDIUM
Social Intents <= 1.6.19 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-32130 MEDIUM
Data443 Risk Migitation, Inc. Posts Footer Manager <2.2.0 - XSS
CVSS 5.9
CVE-2025-32129 MEDIUM
Data443 Risk Migitation, Inc. Welcome Bar <2.0.4 - XSS
CVSS 5.9
CVE-2025-3251 LOW
admintwo 1.0 - Cross-Site Scripting via User UpdateSet Motto Parameter
CVSS 3.5
CVE-2025-31418 HIGH
Gravel < 1.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31416 HIGH
Awesome Event Booking <= 2.8.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31407 MEDIUM
Tiger < 2.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31389 HIGH
Sequel <= 1.0.11 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22281 MEDIUM
Simplish <= 2.6.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22282 HIGH
EPC ez Form Calculator - WordPress plugin <2.14.1.2 - XSS
CVSS 7.1
CVE-2025-3219 LOW
Perfex CRM 3.2.1 - Stored Cross-Site Scripting in Project Discussions Module
CVSS 3.5
CVE-2025-3087 MEDIUM
M-Files Web 25.1.14445.5-25.2.14524.4 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-2836 MEDIUM
RegistrationMagic < 6.0.4.3 - Authenticated Stored Cross-Site Scripting via Payment Method Parameter
CVSS 6.4
CVE-2025-2279 MEDIUM
Maps WordPress Plugin < 1.0.6 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.9
CVE-2025-2159 MEDIUM
M-Files Server Admin <25.3.14681.7 - XSS
CVE-2025-3191 MEDIUM
react-draft-wysiwyg - Stored Cross-Site Scripting via Embedded Button
CVSS 6.1
CVE-2025-25001 MEDIUM
Microsoft Edge < 132.0.2957.118 - Cross-Site Scripting
CVSS 4.3
CVE-2025-31483 MEDIUM
Miniflux v2 < 2.2.7 - Cross-Site Scripting via Media Proxy CSP Bypass
Details
Vulnerabilities 45,211
Exploit Likelihood High