CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,217 vulnerabilities with CWE-79
CVE-2025-2977
LOW
GFI KerioConnect 10.0.6 - Cross-Site Scripting in PDF File Handler
CVSS 3.5
CVE-2025-2976
LOW
GFI KerioConnect 10.0.6 - Stored Cross-Site Scripting via File Upload
CVSS 3.5
CVE-2025-2975
LOW
GFI KerioConnect 10.0.6 - Stored Cross-Site Scripting in Signature Handler
CVSS 3.5
CVE-2025-2974
LOW
Perfex CRM < 3.2.1 - Stored Cross-Site Scripting in Contracts Module
CVSS 3.5
CVE-2025-28097
MEDIUM
OneNav 1.1.0 - Cross-Site Scripting in Custom Headers
CVSS 5.5
CVE-2025-28094
MEDIUM
ShopXO 6.4.0 Multiple Functions - Server-Side Request Forgery and Cross-Site Scripting
CVSS 6.5
CVE-2025-28254
MEDIUM
Leantime < 3.3.0 - Authenticated Stored Cross-Site Scripting via First Name Field in processMentions()
CVSS 5.4
CVE-2025-22767
HIGH
GlobalPayments WooCommerce <1.13.0 - XSS
CVSS 7.1
CVE-2025-22575
HIGH
extendyourweb SUPER RESPONSIVE SLIDER <1.4 - XSS
CVSS 7.1
CVE-2025-22566
HIGH
ULTIMATE VIDEO GALLERY <= 1.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22360
HIGH
WP Azure offload <= 2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22356
HIGH
Stencies <= 0.58 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-2865
MEDIUM
SaTECH BCU Firmware 2.1.3 - Stored Cross-Site Scripting via Untrusted Domain Resources
CVSS 6.1
CVE-2025-2864
MEDIUM
SaTECH BCU Firmware 2.1.3 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-31473
MEDIUM
WP Database Optimizer <1.2.1.3 - XSS
CVSS 5.9
CVE-2025-31472
MEDIUM
Flatty <= 2.0.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-31471
MEDIUM
Falcon Solutions Duplicate Page and Post <1.0 - XSS
CVSS 5.9
CVE-2025-31470
MEDIUM
FancyThemes Page Takeover <1.1.6 - XSS
CVSS 5.9
CVE-2025-31465
MEDIUM
cornershop Better Section Navigation Widget <1.6.1 - XSS
CVSS 6.5
CVE-2025-31464
MEDIUM
Nazmur Rahman Text Selection Color <1.6 - XSS
CVSS 5.9
CVE-2025-31463
MEDIUM
TGG WP Optimizer <= 1.25 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-31453
MEDIUM
YouTube SimpleGallery <= 2.0.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31452
MEDIUM
Mindshare Labs, Inc. WP Ultimate Search <2.0.3 - XSS
CVSS 6.5
CVE-2025-31451
MEDIUM
wBounce <= 1.8.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31450
MEDIUM
Phantom Omaga Toggle Box <1.6 - XSS
CVSS 6.5
Details
Vulnerabilities
45,217
Exploit Likelihood
High