CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,256 vulnerabilities with CWE-79
CVE-2025-23480
MEDIUM
RSVP ME <= 1.9.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23479
HIGH
melascrivi <= 1.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23478
HIGH
Photo Video Store <= 21.07 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23473
HIGH
Killer Theme Options <= 2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23472
HIGH
Flexo Slider <= 1.0013 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23468
HIGH
Essay Wizard (wpCRES) <= 1.0.6.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23465
HIGH
Vampire Character Manager <2.13 - XSS
CVSS 7.1
CVE-2025-23464
HIGH
Twitter News Feed <= 1.1.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23451
HIGH
Awesome Twitter Feeds <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23450
HIGH
AW WooCommerce Kode Pembayaran <1.1.4 - XSS
CVSS 7.1
CVE-2025-23447
HIGH
Smooth Dynamic Slider <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23441
HIGH
Attach Gallery Posts <= 1.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23439
HIGH
willshouse TinyMCE Extended Config <0.1.0 - XSS
CVSS 7.1
CVE-2025-23437
HIGH
NotFound ntp-header-images <1.2 - XSS
CVSS 7.1
CVE-2025-23433
HIGH
jnwry vcOS <= 1.4.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23425
HIGH
Marekkis Watermark <= 0.9.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-0475
HIGH
GitLab 15.10-17.7.5, 17.8-17.8.3, 17.9 - Cross-Site Scripting via Proxy Feature
CVSS 8.7
CVE-2025-27585
MEDIUM
Academia Student Information System EagleR 1.0.118 - Stored Cross-Site Scripting via Print Name Parameter
CVSS 5.4
CVE-2025-27584
MEDIUM
Academia Student Information System EagleR 1.0.118 - Stored Cross-Site Scripting via First Name Parameter
CVSS 5.4
CVE-2025-25949
MEDIUM
Academia Student Information System EagleR 1.0.118 - Stored Cross-Site Scripting via User ID Parameter
CVSS 5.4
CVE-2025-1842
MEDIUM
FITSTATS Technologies AthleteMonitoring <20250302 - XSS
CVSS 4.3
CVE-2025-1830
LOW
zframeworks zz < 2024-8 - Cross-Site Scripting via Customer Name Argument
CVSS 2.4
CVE-2025-1817
LOW
Mini-Tmall < 2025-02-11 - Cross-Site Scripting in Admin Name Handler
CVSS 2.4
CVE-2025-1810
MEDIUM
Pixsoft Vivaz 6.0.11 - Cross-Site Scripting via Login Endpoint Sistema Parameter
CVSS 4.3
CVE-2025-1491
MEDIUM
WP Posts Carousel <= 1.3.7 - Authenticated Stored Cross-Site Scripting via auto_play_timeout Parameter
CVSS 6.4
Details
Vulnerabilities
45,256
Exploit Likelihood
High