CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,246 vulnerabilities with CWE-79
CVE-2025-25620 MEDIUM
Unifiedtransform 2.0 - Cross-Site Scripting in Create Assignment Function
CVSS 5.4
CVE-2025-2150 MEDIUM
HGiga C&Cm@il - Stored Cross-Site Scripting via Email Content
CVSS 5.4
CVE-2025-2133 LOW
ftcms 2.1 - Cross-Site Scripting via News Edit Title Parameter
CVSS 2.4
CVE-2025-2131 LOW
xunruicms < 4.6.3 - Cross-Site Scripting via Friendly Links Handler Website Address
CVSS 2.4
CVE-2025-2130 LOW
OpenXE < 1.12 - Cross-Site Scripting via Ticket Notizen Parameter
CVSS 3.5
CVE-2025-2127 MEDIUM
JoomlaUX JUX Real Estate 3.4.0 - XSS
CVSS 4.3
CVE-2025-2124 LOW
Control iD RH iD 25.2.25.0 - Cross-Site Scripting via Change Password API Message Parameter
CVSS 3.5
CVE-2025-2123 LOW
GeSHi < 1.0.9.1 - Cross-Site Scripting via CSS Handler get_var Function
CVSS 3.5
CVE-2025-1382 MEDIUM
Contact Us By Lord Linus < 2.6 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-1363 LOW
WooCommerce < 9.0.2 - Authenticated Stored XSS via Settings
CVSS 3.5
CVE-2025-1664 MEDIUM
Essential Blocks < 5.3.2 - Authenticated Stored Cross-Site Scripting via Parallax Slider
CVSS 6.4
CVE-2025-1783 MEDIUM
WordPress Gallery Styles <1.3.4 - XSS
CVSS 6.4
CVE-2025-1324 MEDIUM
WP-Recall < 16.26.10 - Authenticated Stored Cross-Site Scripting via Public-Form Shortcode
CVSS 6.4
CVE-2025-1287 MEDIUM
Plus Addons for Elementor < 6.2.3 - Authenticated Stored XSS via Widgets
CVSS 6.4
CVE-2025-1261 MEDIUM
HT Mega - Absolute Addons For Elementor <2.8.2 - XSS
CVSS 6.4
CVE-2025-27826 MEDIUM
Bootstrap Lite theme < 1.x-1.4.5 - Cross-Site Scripting via Class Name
CVSS 6.4
CVE-2025-27825 MEDIUM
Bootstrap 5 Lite theme < 1.x-1.0.3 - Cross-Site Scripting via Class Name Sanitization
CVSS 6.4
CVE-2025-27824 MEDIUM
Link iframe formatter < 1.x-1.1.1 - Cross-Site Scripting in iFrame Field
CVSS 6.4
CVE-2025-27823 MEDIUM
Mail Disguise < 1.x-1.0.5 - Cross-Site Scripting via Data Attribute in Link Elements
CVSS 6.4
CVE-2025-27518 MEDIUM
Cognita Backend - Insecure CORS Cross-Site Request
CVE-2025-2087 LOW
starsea-mall 1.0 - Cross-Site Scripting via goodsName Parameter
CVSS 3.5
CVE-2025-2086 LOW
starsea-mall 1.0 - Cross-Site Scripting via redirectUrl Parameter
CVSS 3.5
CVE-2025-2085 LOW
starsea-mall 1.0 - Cross-Site Scripting via redirectUrl Parameter
CVSS 3.5
CVE-2025-2084 LOW
PHPGurukul Human Metapneumovirus Testing Management System 1.0 - Cross-Site Scripting in Search Report Page
CVSS 3.5
CVE-2025-0863 MEDIUM
Flexmls IDX Plugin <= 3.14.27 - Authenticated Stored Cross-Site Scripting via idx_frame Shortcode
CVSS 6.4
Details
Vulnerabilities 45,246
Exploit Likelihood High