CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,227 vulnerabilities with CWE-79
CVE-2025-2481
MEDIUM
MediaView <= 1.1.2 - Unauthenticated Reflected Cross-Site Scripting via 'id' Parameter
CVSS 6.1
CVE-2025-29322
MEDIUM
ScriptCase <v1.0.003 - Build 3 - XSS
CVSS 4.6
CVE-2025-27609
MEDIUM
Icinga Web 2 < 2.11.5 and 2.12.13 - Cross-Site Scripting
CVSS 5.4
CVE-2025-27406
HIGH
Icinga Reporting 0.10.0-1.0.2 - Stored Cross-Site Scripting via Template Injection
CVSS 7.6
CVE-2025-27405
HIGH
Icinga Web 2 < 2.11.5 and 2.12.13 - Stored Cross-Site Scripting via Crafted URL
CVSS 7.6
CVE-2025-28935
HIGH
Fancybox Plus <= 1.0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-28934
HIGH
NotFound Simple Post Series <2.4.4 - XSS
CVSS 7.1
CVE-2025-28928
HIGH
Are you robot google recaptcha for wordpress <2.2 - XSS
CVSS 7.1
CVE-2025-28924
HIGH
ZenphotoPress <= 1.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-28921
HIGH
NotFound SpatialMatch IDX <3.0.9 - XSS
CVSS 7.1
CVE-2025-28917
HIGH
NotFound Custom Smilies <2.9.2 - XSS
CVSS 7.1
CVE-2025-28911
HIGH
Gravity 2 PDF <= 3.1.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-28903
HIGH
NotFound Driving Directions <1.4.4 - XSS
CVSS 7.1
CVE-2025-28899
HIGH
NotFound WP Event Ticketing <1.3.4 - XSS
CVSS 7.1
CVE-2025-28890
HIGH
NotFound Lightview Plus <3.1.3 - XSS
CVSS 7.1
CVE-2025-28889
HIGH
Woocommerce Custom Product Stickers <1.9.0 - XSS
CVSS 7.1
CVE-2025-28885
MEDIUM
Fiverr.com Official Search Box <1.0.8 - XSS
CVSS 6.5
CVE-2025-28882
HIGH
Omnify <= 2.0.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-28880
HIGH
Blue Captcha <= 1.7.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-28877
HIGH
Key4ce osTicket Bridge <= 1.4.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-28869
HIGH
NextGEN Gallery Voting <2.7.6 - XSS
CVSS 7.1
CVE-2025-28865
HIGH
Lionelroux WP Colorful Tag Cloud <2.0.1 - XSS
CVSS 7.1
CVE-2025-28858
HIGH
Arrow Maps <= 1.0.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-28855
HIGH
Teleport <= 1.2.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-27404
HIGH
Icinga Web 2 < 2.11.5 and 2.12.13 - Stored Cross-Site Scripting via Crafted URL
CVSS 7.6
Details
Vulnerabilities
45,227
Exploit Likelihood
High