CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,227 vulnerabilities with CWE-79
CVE-2025-27793
MEDIUM
Vega <5.32.0/5.17.0 - Code Injection
CVE-2025-26738
MEDIUM
Graham Quick Interest Slider <4.1.3 - XSS
CVSS 6.5
CVE-2025-26737
MEDIUM
yudleethemes City Store <1.4.5 - XSS
CVSS 6.5
CVE-2025-26736
MEDIUM
MorningTime Lite <= 1.3.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26734
MEDIUM
peregrinethemes Hester <2.1.10 - XSS
CVSS 6.5
CVE-2025-26732
MEDIUM
StoreBiz <= 1.0.32 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-26731
MEDIUM
Repute Infosystems ARPrice <4.1.3 - XSS
CVSS 6.5
CVE-2025-26619
MEDIUM
vega and vega-functions - Cross-Site Scripting via Unsupported JavaScript Function Calls
CVSS 6.1
CVE-2025-22816
MEDIUM
Power Mag <= 1.1.5 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-2255
HIGH
GitLab 13.5.0-17.8.5, 17.9.0-17.9.2, 17.10.0 - Cross-Site Scripting in AppSec Error Messages
CVSS 8.7
CVE-2025-0811
HIGH
GitLab 17.7-17.8.5, 17.9-17.9.2, 17.10 - Cross-Site Scripting via File Rendering
CVSS 8.7
CVE-2025-31140
MEDIUM
JetBrains TeamCity < 2025.03 - Stored Cross-Site Scripting on Cloud Profiles Page
CVSS 4.6
CVE-2025-30925
MEDIUM
The Pack Elementor addons <= 2.1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-30922
MEDIUM
Simplebooklet PDF Viewer & Embedder <1.1.1 - XSS
CVSS 6.5
CVE-2025-30920
MEDIUM
teastudio.pl WP Posts Carousel <1.3.7 - XSS
CVSS 6.5
CVE-2025-30918
MEDIUM
codemacher Structured Content <1.6.3 - XSS
CVSS 6.5
CVE-2025-30907
MEDIUM
SecuPress Free <= 2.2.5.3 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-30904
MEDIUM
Ays Pro Chartify < 3.1.7 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30903
MEDIUM
Alex Mills SyntaxHighlighter Evolved <3.7.1 - XSS
CVSS 6.5
CVE-2025-30900
MEDIUM
Zoho Billing - Embed Payment Form < 4.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-30899
MEDIUM
User Registration < 4.0.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30898
MEDIUM
Mahdi Yousefi's WooCommerce Plugin - XSS
CVSS 6.5
CVE-2025-30893
MEDIUM
LeadConnector <= 3.0.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-30873
MEDIUM
Greenshift <= 11.0.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-30867
MEDIUM
SearchIQ < 4.7 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities
45,227
Exploit Likelihood
High