CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,246 vulnerabilities with CWE-79
CVE-2025-25620
MEDIUM
Unifiedtransform 2.0 - Cross-Site Scripting in Create Assignment Function
CVSS 5.4
CVE-2025-2150
MEDIUM
HGiga C&Cm@il - Stored Cross-Site Scripting via Email Content
CVSS 5.4
CVE-2025-2133
LOW
ftcms 2.1 - Cross-Site Scripting via News Edit Title Parameter
CVSS 2.4
CVE-2025-2131
LOW
xunruicms < 4.6.3 - Cross-Site Scripting via Friendly Links Handler Website Address
CVSS 2.4
CVE-2025-2130
LOW
OpenXE < 1.12 - Cross-Site Scripting via Ticket Notizen Parameter
CVSS 3.5
CVE-2025-2127
MEDIUM
JoomlaUX JUX Real Estate 3.4.0 - XSS
CVSS 4.3
CVE-2025-2124
LOW
Control iD RH iD 25.2.25.0 - Cross-Site Scripting via Change Password API Message Parameter
CVSS 3.5
CVE-2025-2123
LOW
GeSHi < 1.0.9.1 - Cross-Site Scripting via CSS Handler get_var Function
CVSS 3.5
CVE-2025-1382
MEDIUM
Contact Us By Lord Linus < 2.6 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-1363
LOW
WooCommerce < 9.0.2 - Authenticated Stored XSS via Settings
CVSS 3.5
CVE-2025-1664
MEDIUM
Essential Blocks < 5.3.2 - Authenticated Stored Cross-Site Scripting via Parallax Slider
CVSS 6.4
CVE-2025-1783
MEDIUM
WordPress Gallery Styles <1.3.4 - XSS
CVSS 6.4
CVE-2025-1324
MEDIUM
WP-Recall < 16.26.10 - Authenticated Stored Cross-Site Scripting via Public-Form Shortcode
CVSS 6.4
CVE-2025-1287
MEDIUM
Plus Addons for Elementor < 6.2.3 - Authenticated Stored XSS via Widgets
CVSS 6.4
CVE-2025-1261
MEDIUM
HT Mega - Absolute Addons For Elementor <2.8.2 - XSS
CVSS 6.4
CVE-2025-27826
MEDIUM
Bootstrap Lite theme < 1.x-1.4.5 - Cross-Site Scripting via Class Name
CVSS 6.4
CVE-2025-27825
MEDIUM
Bootstrap 5 Lite theme < 1.x-1.0.3 - Cross-Site Scripting via Class Name Sanitization
CVSS 6.4
CVE-2025-27824
MEDIUM
Link iframe formatter < 1.x-1.1.1 - Cross-Site Scripting in iFrame Field
CVSS 6.4
CVE-2025-27823
MEDIUM
Mail Disguise < 1.x-1.0.5 - Cross-Site Scripting via Data Attribute in Link Elements
CVSS 6.4
CVE-2025-27518
MEDIUM
Cognita Backend - Insecure CORS Cross-Site Request
CVE-2025-2087
LOW
starsea-mall 1.0 - Cross-Site Scripting via goodsName Parameter
CVSS 3.5
CVE-2025-2086
LOW
starsea-mall 1.0 - Cross-Site Scripting via redirectUrl Parameter
CVSS 3.5
CVE-2025-2085
LOW
starsea-mall 1.0 - Cross-Site Scripting via redirectUrl Parameter
CVSS 3.5
CVE-2025-2084
LOW
PHPGurukul Human Metapneumovirus Testing Management System 1.0 - Cross-Site Scripting in Search Report Page
CVSS 3.5
CVE-2025-0863
MEDIUM
Flexmls IDX Plugin <= 3.14.27 - Authenticated Stored Cross-Site Scripting via idx_frame Shortcode
CVSS 6.4
Details
Vulnerabilities
45,246
Exploit Likelihood
High