CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,217 vulnerabilities with CWE-79
CVE-2025-30006
MEDIUM
Xorcom CompletePBX < 5.2.36.1 - Reflected Cross-Site Scripting in Administrative Control Panel
CVSS 6.1
CVE-2025-30203
MEDIUM
Tuleap < 16.4-8 and < 16.5.99.1742562878 - Cross-Site Scripting via RSS Feed Widget
CVSS 4.8
CVE-2025-30149
MEDIUM
OpenEMR < 7.0.3 - Reflected Cross-Site Scripting via AJAX Script Target Parameter
CVSS 6.4
CVE-2025-29772
MEDIUM
OpenEMR < 7.0.3 - Reflected Cross-Site Scripting via hidden_subcategory Parameter
CVSS 6.1
CVE-2025-31629
MEDIUM
Infusionsoft Web Form JavaScript <= 1.1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31627
MEDIUM
Media Library Assistant <3.24 - XSS
CVSS 5.9
CVE-2025-31625
HIGH
ramanparashar Useinfluence <1.0.8 - XSS
CVSS 7.1
CVE-2025-31624
MEDIUM
LABCAT Processing Projects <1.0.2 - XSS
CVSS 6.5
CVE-2025-31621
MEDIUM
byBrick Accordion <= 1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31620
MEDIUM
carperfer CoverManager <0.0.1 - XSS
CVSS 6.5
CVE-2025-31615
HIGH
owenr88 Simple Contact Forms <1.6.4 - XSS
CVSS 7.1
CVE-2025-31614
MEDIUM
hiroprot Terms Before Download <1.0.4 - XSS
CVSS 6.5
CVE-2025-31610
MEDIUM
gingerplugins Notification Bar < 1.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-31608
MEDIUM
CookieHint WP <= 1.0.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31607
MEDIUM
flomei Simple-Audioplayer <1.1 - XSS
CVSS 6.5
CVE-2025-31605
MEDIUM
WeblineIndia Welcome Popup <1.0.10 - XSS
CVSS 5.9
CVE-2025-31598
MEDIUM
WPFactory Quantity Dynamic Pricing & Bulk Discounts for WooCommerce...
CVSS 6.5
CVE-2025-31597
MEDIUM
crazycric Ultimate Live Cricket WordPress Lite <1.4.2 - XSS
CVSS 6.5
CVE-2025-31595
MEDIUM
wpdiscover Timeline Event History <3.2 - XSS
CVSS 6.5
CVE-2025-31593
MEDIUM
OpenMenu < 3.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31592
MEDIUM
Paolo Melchiorre Send E-mail <1.3 - XSS
CVSS 6.5
CVE-2025-31591
MEDIUM
Exit Popup Free <= 1.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-31590
MEDIUM
Denra.com WP Date and Time Shortcode <2.6.7 - XSS
CVSS 6.5
CVE-2025-31589
MEDIUM
Kibru Demeke Ethiopian Calendar - XSS
CVSS 6.5
CVE-2025-31587
MEDIUM
Elfsight Testimonials Slider <1.0.1 - XSS
CVSS 5.9
Details
Vulnerabilities
45,217
Exploit Likelihood
High