CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,217 vulnerabilities with CWE-79
CVE-2025-2977 LOW
GFI KerioConnect 10.0.6 - Cross-Site Scripting in PDF File Handler
CVSS 3.5
CVE-2025-2976 LOW
GFI KerioConnect 10.0.6 - Stored Cross-Site Scripting via File Upload
CVSS 3.5
CVE-2025-2975 LOW
GFI KerioConnect 10.0.6 - Stored Cross-Site Scripting in Signature Handler
CVSS 3.5
CVE-2025-2974 LOW
Perfex CRM < 3.2.1 - Stored Cross-Site Scripting in Contracts Module
CVSS 3.5
CVE-2025-28097 MEDIUM
OneNav 1.1.0 - Cross-Site Scripting in Custom Headers
CVSS 5.5
CVE-2025-28094 MEDIUM
ShopXO 6.4.0 Multiple Functions - Server-Side Request Forgery and Cross-Site Scripting
CVSS 6.5
CVE-2025-28254 MEDIUM
Leantime < 3.3.0 - Authenticated Stored Cross-Site Scripting via First Name Field in processMentions()
CVSS 5.4
CVE-2025-22767 HIGH
GlobalPayments WooCommerce <1.13.0 - XSS
CVSS 7.1
CVE-2025-22575 HIGH
extendyourweb SUPER RESPONSIVE SLIDER <1.4 - XSS
CVSS 7.1
CVE-2025-22566 HIGH
ULTIMATE VIDEO GALLERY <= 1.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22360 HIGH
WP Azure offload <= 2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22356 HIGH
Stencies <= 0.58 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-2865 MEDIUM
SaTECH BCU Firmware 2.1.3 - Stored Cross-Site Scripting via Untrusted Domain Resources
CVSS 6.1
CVE-2025-2864 MEDIUM
SaTECH BCU Firmware 2.1.3 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-31473 MEDIUM
WP Database Optimizer <1.2.1.3 - XSS
CVSS 5.9
CVE-2025-31472 MEDIUM
Flatty <= 2.0.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-31471 MEDIUM
Falcon Solutions Duplicate Page and Post <1.0 - XSS
CVSS 5.9
CVE-2025-31470 MEDIUM
FancyThemes Page Takeover <1.1.6 - XSS
CVSS 5.9
CVE-2025-31465 MEDIUM
cornershop Better Section Navigation Widget <1.6.1 - XSS
CVSS 6.5
CVE-2025-31464 MEDIUM
Nazmur Rahman Text Selection Color <1.6 - XSS
CVSS 5.9
CVE-2025-31463 MEDIUM
TGG WP Optimizer <= 1.25 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-31453 MEDIUM
YouTube SimpleGallery <= 2.0.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31452 MEDIUM
Mindshare Labs, Inc. WP Ultimate Search <2.0.3 - XSS
CVSS 6.5
CVE-2025-31451 MEDIUM
wBounce <= 1.8.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31450 MEDIUM
Phantom Omaga Toggle Box <1.6 - XSS
CVSS 6.5
Details
Vulnerabilities 45,217
Exploit Likelihood High