CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,217 vulnerabilities with CWE-79
CVE-2025-30607
HIGH
Name.ly Quick Localization <0.1.0 - XSS
CVSS 7.1
CVE-2025-30579
HIGH
Pesapal Gateway for Woocommerce <2.1.0 - XSS
CVSS 7.1
CVE-2025-30563
HIGH
Tidekey <= 1.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30559
HIGH
Kento WordPress Stats <= 1.1 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-30548
HIGH
VarDump s.r.l. Advanced Post Search <1.1.0 - XSS
CVSS 7.1
CVE-2025-30547
HIGH
WP Cards <= 1.5.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30544
HIGH
OK Poster Group <= 1.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30520
HIGH
crosstec Breezing Forms <1.2.8.11 - XSS
CVSS 7.1
CVE-2025-1665
MEDIUM
Avada (Fusion) Builder <= 3.11.14 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-1534
MEDIUM
Payara Server 4.1.2.191.1-50, 5.20.0-67.9, 6.0.0-22.9, 6.2022.1-2025.1 - Remote Code Execution via XSS
CVSS 5.4
CVE-2025-30434
MEDIUM
iPadOS < 18.4 - Cross-Site Scripting via Maliciously Crafted File
CVSS 5.0
CVE-2025-24208
MEDIUM
Safari < 18.4 - Cross-Site Scripting via Malicious Iframe
CVSS 6.1
CVE-2025-3057
MEDIUM
Drupal 8.0.0-10.3.12, 10.4.0-10.4.2, 11.0.0-11.0.11, 11.1.0-11.1.2 - Cross-Site Scripting
CVSS 6.1
CVE-2025-3036
LOW
yzk2356911358 StudentServlet-JSP - Cross-Site Scripting via Name Argument
CVSS 2.4
CVE-2025-31697
MEDIUM
Drupal Formatter Suite <2.1.0 - XSS
CVSS 6.1
CVE-2025-31696
MEDIUM
Drupal RapiDoc OAS Field Formatter <1.0.1 - XSS
CVSS 6.1
CVE-2025-31695
MEDIUM
Drupal Link field display mode formatter < 1.6.0 - Cross-Site Scripting
CVSS 6.1
CVE-2025-31687
MEDIUM
Drupal SpamSpan filter < 3.2.1 - Cross-Site Scripting
CVSS 6.1
CVE-2025-31682
MEDIUM
Drupal Google Tag <1.8.0, <2.0.8 - XSS
CVSS 4.8
CVE-2025-31679
MEDIUM
Drupal Ignition Error Pages <1.0.4 - XSS
CVSS 6.1
CVE-2025-31675
MEDIUM
Drupal 8.0.0-10.3.13, 10.4.0-10.4.4, 11.0.0-11.1.4 & Link 7.x-1.0-7.x-1.11 - XSS
CVSS 5.4
CVE-2025-31128
MEDIUM
gifplayer < 0.3.7 - Cross-Site Scripting
CVE-2025-3005
LOW
ForestBlog < 2025-03-21 - Cross-Site Scripting in Friend Link Handler
CVSS 3.5
CVE-2025-3004
LOW
ForestBlog < 2025-03-21 - Cross-Site Scripting via Search Keywords Parameter
CVSS 3.5
CVE-2025-30223
CRITICAL
beego < 2.3.6 - Cross-Site Scripting via RenderForm Function
CVSS 9.3
Details
Vulnerabilities
45,217
Exploit Likelihood
High