CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,217 vulnerabilities with CWE-79
CVE-2025-31437
MEDIUM
WP-OGP <= 1.0.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-31434
MEDIUM
FormLift for Infusionsoft Web Forms <7.5.19 - XSS
CVSS 6.5
CVE-2025-31433
MEDIUM
Magic Embeds <= 3.1.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-2870
MEDIUM
Clinic Queuing System 1.0 - Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2025-2869
MEDIUM
clinic_queuing_system 1.0 - Reflected Cross-Site Scripting via id Parameter in manage_user.php
CVSS 6.1
CVE-2025-2868
MEDIUM
Clinic Queuing System 1.0 - Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2025-31102
HIGH
Bob Hostel <= 1.1.5.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31096
MEDIUM
WPXPO PostX <= 4.1.25 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-31094
MEDIUM
teastudio.pl WP Posts Carousel <1.3.8 - XSS
CVSS 6.5
CVE-2025-31093
MEDIUM
redpixelstudios RPS Include Content <1.2.1 - XSS
CVSS 6.5
CVE-2025-31090
MEDIUM
alordiel Dropdown Multisite selector - XSS
CVSS 6.5
CVE-2025-31088
MEDIUM
Cozmoslabs Paid Member Subscriptions <2.14.3 - XSS
CVSS 6.5
CVE-2025-31083
MEDIUM
ZEEN101 Leaky Paywall <4.21.7 - XSS
CVSS 6.5
CVE-2025-31077
MEDIUM
Ultimate Blocks <= 3.2.7 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-31073
MEDIUM
Unlimited <= 1.45 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-27574
LOW
KDDI HGW-BL1500HM <= 002.002.003 - Cross-Site Scripting in USB Storage File-Sharing Function
CVSS 3.6
CVE-2025-27567
MEDIUM
HGW-BL1500HM <= 002.002.003 - Cross-Site Scripting in NickName Registration Screen
CVSS 5.4
CVE-2025-1705
MEDIUM
tagDiv Composer <= 5.3 - Unauthenticated Stored Cross-Site Scripting via CSRF in td_ajax_get_views
CVSS 6.1
CVE-2025-2804
MEDIUM
tagDiv Composer <= 5.3 - Unauthenticated Reflected Cross-Site Scripting via account_id and account_username Parameters
CVSS 6.1
CVE-2025-31092
MEDIUM
Ninja Team Click to Chat - WP Support All-in-One Floating Widget <2...
CVSS 6.5
CVE-2025-31101
MEDIUM
VaultRE Contact Form 7 <= 1.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-31031
MEDIUM
Astoundify Job Colors for WP Job Manager <1.0.5 - XSS
CVSS 5.9
CVE-2025-2878
LOW
Kentico CMS < 13.0.178 - Cross-Site Scripting via New Database Parameter in Install Wizard
CVSS 2.4
CVE-2025-26874
HIGH
MemberSpace <= 2.1.13 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30366
MEDIUM
WeGIA < 3.2.8 - Stored Cross-Site Scripting
CVSS 5.4
Details
Vulnerabilities
45,217
Exploit Likelihood
High