CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,217 vulnerabilities with CWE-79
CVE-2025-31586
MEDIUM
GhozyLab Gallery - Photo Albums Plugin <1.3.170 - XSS
CVSS 6.5
CVE-2025-31574
MEDIUM
SoftHopper Custom Content Scrollbar <1.3 - XSS
CVSS 6.5
CVE-2025-31567
MEDIUM
Themesflat Addons For Elementor <2.2.5 - XSS
CVSS 6.5
CVE-2025-31562
MEDIUM
Aphotrax Uptime Robot Plugin <2.3 - XSS
CVSS 6.5
CVE-2025-31559
MEDIUM
Caspio Bridge Custom Database <2.1 - XSS
CVSS 6.5
CVE-2025-31557
MEDIUM
MiKa OSM - OpenStreetMap <6.1.6 - XSS
CVSS 6.5
CVE-2025-31556
MEDIUM
IDX Broker IMPress for IDX Broker <= 3.2.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31549
MEDIUM
Agency Dominion Inc. Fusion <= 1.6.4 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-31543
MEDIUM
Twice Commerce <= 1.3.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-31538
MEDIUM
Checklist < 1.1.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31535
MEDIUM
Simple Owl Carousel <= 1.1.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-31532
MEDIUM
AtomChat <= 1.1.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31419
MEDIUM
Themeix Churel <= 1.0.8 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-30963
MEDIUM
Crocoblock JetSmartFilters <3.6.3 - XSS
CVSS 6.5
CVE-2025-23995
HIGH
Tantyyellow <= 1.0.0.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30961
MEDIUM
Trackserver <= 5.1.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-2072
MEDIUM
FAST LTA Silent Brick WebUI 2.45-2.63.04 - Reflected Cross-Site Scripting via h/hd/p/pi/s/t/x/y Parameters
CVE-2025-3019
HIGH
KNIME Business Hub < 1.12.4 - Cross-Site Scripting via nuxt-security Module
CVSS 7.2
CVE-2025-2981
LOW
Legrand SMS PowerView 1.x - Cross-Site Scripting via Redirect Parameter
CVSS 3.5
CVE-2025-31414
MEDIUM
Stylemix Cost Calculator Builder <3.2.65 - XSS
CVSS 6.5
CVE-2025-31412
MEDIUM
JetProductGallery <= 2.1.22 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-31043
MEDIUM
JetSearch <= 3.5.7 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-30987
MEDIUM
JetBlocks For Elementor <1.3.16 - XSS
CVSS 6.5
CVE-2025-2979
LOW
WCMS 11 - Stored Cross-Site Scripting via Username Parameter in Registration
CVSS 2.4
CVE-2025-0613
MEDIUM
The Photo Gallery by 10Web <1.8.34 - XSS
CVSS 6.1
Details
Vulnerabilities
45,217
Exploit Likelihood
High