CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,246 vulnerabilities with CWE-79
CVE-2025-26553
HIGH
Spring Devs Pre Order Addon - WooCommerce - Advance Order/Backorder...
CVSS 7.1
CVE-2025-26548
HIGH
NotFound Random Image Selector <2.4 - XSS
CVSS 7.1
CVE-2025-23744
HIGH
Random Posts, Mp3 Player + ShareButton <= 1.4.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-2325
HIGH
WP Test Email <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs
CVSS 7.2
CVE-2025-1773
MEDIUM
Traveler Theme <3.1.8 - XSS
CVSS 6.1
CVE-2025-2164
MEDIUM
pixelstats < 0.8.2 - Unauthenticated Reflected Cross-Site Scripting via post_id and sortby Parameters
CVSS 6.1
CVE-2025-2163
MEDIUM
Zoorum Comments < 0.9 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 6.1
CVE-2025-29782
MEDIUM
WeGIA < 3.2.17 - Stored Cross-Site Scripting via tipo Parameter in adicionar_tipo_docs_atendido.php
CVSS 5.4
CVE-2025-29771
MEDIUM
HtmlSanitizer < 2.0.3 - Cross-Site Scripting via ContentEditable InnerHTML Injection
CVE-2025-1888
MEDIUM
Aperio Eslide Manager >=12.3.2.5030 <12.3.2.5030 - Authenticated Reflected Cross-Site Scripting via Memo Field
CVSS 4.6
CVE-2025-26626
MEDIUM
glpi-inventory-plugin < 1.5.0 - Reflected Cross-Site Scripting
CVSS 6.5
CVE-2025-1526
MEDIUM
DethemeKit for Elementor <= 2.1.9 - Authenticated Stored Cross-Site Scripting via De Product Display Widget
CVSS 6.4
CVE-2025-2166
MEDIUM
CM FAQ < 1.2.5 - Unauthenticated Reflected Cross-Site Scripting via remove_query_arg
CVSS 6.1
CVE-2025-28010
MEDIUM
MODX < 3.1.0 - Authenticated Stored Cross-Site Scripting via SVG Profile Image Upload
CVSS 5.4
CVE-2025-25625
MEDIUM
FS S3150-8T2F Firmware 220d_118101 & Web v2.2.2 - Authenticated Stored XSS via User Name
CVSS 5.4
CVE-2025-1487
HIGH
WoWPth < 2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-1486
HIGH
WoWPth < 2.0 - Reflected Cross-Site Scripting via Unsanitized Parameter
CVSS 7.1
CVE-2025-1401
HIGH
WP Click Info < 2.7.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-1561
HIGH
AppPresser - Mobile App Framework <= 4.4.10 - Unauthenticated Stored Cross-Site Scripting via Title Parameter
CVSS 7.2
CVE-2025-1503
MEDIUM
WP Recipe Maker <= 9.8.0 - Authenticated Stored Cross-Site Scripting via Roundup Recipe Name Field
CVSS 6.4
CVE-2025-1559
MEDIUM
CC-IMG-Shortcode <= 1.1.0 - Authenticated Stored Cross-Site Scripting via 'img' Shortcode
CVSS 6.4
CVE-2025-27867
MEDIUM
Apache Felix HTTP Webconsole Plugin 1.X-1.2.0 - Cross-Site Scripting
CVSS 5.6
CVE-2025-27915
MEDIUM
KEV
Zimbra - Cross-Site Scripting via ICS Files
CVSS 5.4
CVE-2025-27914
MEDIUM
Zimbra Collaboration 9.0-10.1 - Authenticated Reflected Cross-Site Scripting via /h/rest Endpoint
CVSS 5.4
CVE-2025-1527
MEDIUM
ShopLentor < 3.1.0 - Authenticated Stored DOM-Based Cross-Site Scripting via Flash Sale Countdown Module
CVSS 6.4
Details
Vulnerabilities
45,246
Exploit Likelihood
High