CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,246 vulnerabilities with CWE-79
CVE-2025-2205
MEDIUM
GDPR Cookie Compliance < 4.15.6 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-2078
MEDIUM
BlogBuzzTime for WP <= 1.1 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-2077
MEDIUM
Simple Amazon Affiliate <= 1.0.9 - Unauthenticated Reflected Cross-Site Scripting via 'msg' Parameter
CVSS 6.1
CVE-2025-2076
MEDIUM
binlayerpress < 1.1 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-2214
LOW
Microweber 2.0.19 - Cross-Site Scripting via Settings Handler Group Argument
CVSS 3.5
CVE-2025-2213
LOW
Castlenet CBW383G2N < 2025-03-01 - Cross-Site Scripting via SSID Parameter in Wireless Menu
CVSS 2.4
CVE-2025-2212
LOW
Castlenet CBW383G2N < 2025-03-01 - Cross-Site Scripting via /RgSwInfo.asp Description Parameter
CVSS 2.4
CVE-2025-2211
LOW
aitangbao springboot-manager 3.0 - Cross-Site Scripting via /sysDictDetail/add Name Parameter
CVSS 2.4
CVE-2025-2210
LOW
aitangbao springboot-manager 3.0 - Cross-Site Scripting via /sysJob/add Name Parameter
CVSS 2.4
CVE-2025-2209
LOW
aitangbao springboot-manager 3.0 - Cross-Site Scripting via /sysDict/add Name Parameter
CVSS 2.4
CVE-2025-2208
LOW
aitangbao springboot-manager 3.0 - Cross-Site Scripting via Filename Handler
CVSS 2.4
CVE-2025-28943
MEDIUM
mylo2h2s DP ALTerminator <1.0.2 - XSS
CVSS 5.9
CVE-2025-28937
MEDIUM
Lavacode Lava Ajax Search <1.1.9 - XSS
CVSS 5.9
CVE-2025-28936
MEDIUM
Lunar <= 1.3.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-28930
MEDIUM
List Mixcloud <= 1.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-28929
MEDIUM
Vivek Marakana Tabbed Login Widget <1.1.2 - XSS
CVSS 6.5
CVE-2025-28926
MEDIUM
Post Read Time <= 1.2.6 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-28919
MEDIUM
Shellbot Easy Image Display <1.2.5 - XSS
CVSS 6.5
CVE-2025-28918
MEDIUM
A. Jones Featured Image Thumbnail Grid <6.6.1 - XSS
CVSS 6.5
CVE-2025-28914
MEDIUM
wordpress login form to anywhere <= 0.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-28908
MEDIUM
pipdig pipDisqus <= 1.6 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-28907
MEDIUM
WP Last Modified <= 0.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-28906
MEDIUM
Skitter Slideshow <= 2.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-28905
HIGH
Chaser324 Featured Posts Grid <1.7 - XSS
CVSS 7.1
CVE-2025-28895
HIGH
sumanbiswas013 Custom top bar <2.0.2 - XSS
CVSS 7.1
Details
Vulnerabilities
45,246
Exploit Likelihood
High