CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,239 vulnerabilities with CWE-79
CVE-2025-23546
HIGH
NotFound RDP inGroups+ <1.0.6 - XSS
CVSS 7.1
CVE-2025-23543
HIGH
FOMO Pay Chinese Payment Solution <= 2.0.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23542
HIGH
RDP Linkedin Login <= 1.7.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23466
HIGH
wpsiteeditor Site Editor Google Map <1.0.1 - XSS
CVSS 7.1
CVE-2025-23460
HIGH
NotFound RWS Enquiry And Lead Follow-up - XSS
CVSS 7.1
CVE-2025-23459
HIGH
NotFound NS Simple Intro Loader <2.2.3 - XSS
CVSS 7.1
CVE-2025-22283
HIGH
GetSocial <= 2.0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-1312
MEDIUM
The Ultimate Blocks - WordPress Blocks Plugin <3.2.7 - XSS
CVSS 6.4
CVE-2025-1703
MEDIUM
WordPress Ultimate Blocks <3.2.7 - XSS
CVSS 6.4
CVE-2025-1439
MEDIUM
Advanced iFrame < 2024.5 - Authenticated Stored Cross-Site Scripting via Shortcode src Attribute
CVSS 6.4
CVE-2025-1437
MEDIUM
Advanced iFrame < 2025.3 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-2167
MEDIUM
WordPress Event post plugin <5.9.9 - XSS
CVSS 5.4
CVE-2025-2009
HIGH
WordPress Newsletters <4.9.9.7 - XSS
CVSS 7.2
CVE-2025-1784
MEDIUM
Spectra - WordPress Gutenberg Blocks <2.19.0 - XSS
CVSS 6.4
CVE-2025-2576
MEDIUM
WordPress kick-start kit plugin <1.0.3 - XSS
CVSS 6.4
CVE-2025-2573
MEDIUM
WPBakery Page Builder Addons < 2.0.0 - Authenticated Stored XSS via SVG Upload
CVSS 6.4
CVE-2025-2165
MEDIUM
SH Email Alert <= 1.0 - Reflected Cross-Site Scripting via 'mid' Parameter
CVSS 6.1
CVE-2025-1490
MEDIUM
Smart Maintenance Mode <= 1.5.2 - Unauthenticated Reflected Cross-Site Scripting via setstatus Parameter
CVSS 6.1
CVE-2025-2302
MEDIUM
Advanced Woo Search <= 3.28 - Authenticated Stored Cross-Site Scripting via aws_search_terms Shortcode
CVSS 6.4
CVE-2025-30219
MEDIUM
RabbitMQ < 4.0.3 - Stored Cross-Site Scripting via Virtual Host Name
CVSS 6.1
CVE-2025-26742
MEDIUM
GhozyLab Gallery for Social Photo <= 1.0.0.35 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-27633
MEDIUM
Hitachi Energy TRMTracker 6.2-6.2.03, 6.3 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-2635
MEDIUM
Digital License Manager <= 1.7.3 - Unauthenticated Reflected Cross-Site Scripting via remove_query_arg()
CVSS 6.1
CVE-2025-2542
MEDIUM
Your Simple SVG Support <1.0.1 - XSS
CVSS 6.4
CVE-2025-2510
MEDIUM
Frndzk Expandable Bottom Bar <1.0 - XSS
CVSS 5.5
Details
Vulnerabilities
45,239
Exploit Likelihood
High