CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,256 vulnerabilities with CWE-79
CVE-2025-1291
MEDIUM
Gutenberg Blocks with AI by Kadence WP <= 3.4.9 - Authenticated Stored XSS via Icon Parameter
CVSS 6.4
CVE-2025-1459
MEDIUM
Page Builder by SiteOrigin <= 2.31.4 - Authenticated Stored Cross-Site Scripting via Embedded Video Widget
CVSS 6.4
CVE-2025-0820
MEDIUM
Clicface Trombi <= 2.08 - Authenticated Stored Cross-Site Scripting via Nom Parameter
CVSS 6.4
CVE-2025-25476
MEDIUM
SysPass 3.2.0-3.2.10 - Stored Cross-Site Scripting via Notification Type or Component
CVSS 5.4
CVE-2025-25429
MEDIUM
Trendnet TEW-929DRU 1.0.0.10 - Stored Cross-Site Scripting via r_name Variable
CVSS 4.8
CVE-2025-25431
MEDIUM
Trendnet TEW-929DRU 1.0.0.10 - Stored Cross-Site Scripting via Captive Portal SSID Parameter
CVSS 4.8
CVE-2025-25430
MEDIUM
Trendnet TEW-929DRU 1.0.0.10 - Stored Cross-Site Scripting via configname Parameter
CVSS 4.8
CVE-2025-20049
MEDIUM
Dario Application Database and Internet-based Server Infrastructure - Cross-Site Scripting
CVSS 5.8
CVE-2025-27400
LOW
Magento LTS <20.12.3-20.13.0 - Authenticated XSS
CVSS 2.9
CVE-2025-25461
MEDIUM
SeedDMS 6.0.29 - Stored Cross-Site Scripting via Category Name Field
CVSS 5.4
CVE-2025-25916
MEDIUM
wuzhicms v4.1.0 - Cross-Site Scripting in Member Group Deletion Function
CVSS 5.4
CVE-2025-1776
MEDIUM
Soteshop < 8.3.4 - Cross-Site Scripting via Query Parameter in Google Custom Search
CVSS 6.1
CVE-2025-1749
MEDIUM
OpenCart < 4.1.0.0 - Cross-Site Scripting via Voucher Parameter
CVSS 4.7
CVE-2025-1748
MEDIUM
OpenCart < 4.1.0.0 - Cross-Site Scripting via Account Registration Parameter
CVSS 4.7
CVE-2025-1747
MEDIUM
OpenCart < 4.1.0.0 - Cross-Site Scripting via Account Login Parameter
CVSS 4.7
CVE-2025-1746
MEDIUM
OpenCart < 4.1.0.0 - Cross-Site Scripting via Product Search Endpoint
CVSS 6.1
CVE-2025-22272
LOW
CyberArk Endpoint Privilege Manager <24.7.1 - Code Injection
CVE-2025-22270
HIGH
CyberArk Endpoint Privilege Manager <24.7.1 - Code Injection
CVE-2025-1319
HIGH
Site Mailer <= 1.2.3 - Unauthenticated Stored XSS
CVSS 7.2
CVE-2025-22491
MEDIUM
Foreseer Reporting Software <1.5.100 - XSS
CVSS 6.7
CVE-2025-1560
MEDIUM
WOW Entrance Effects (WEE!) <= 0.1 - Authenticated Stored Cross-Site Scripting via 'wee' Shortcode
CVSS 6.4
CVE-2025-1571
MEDIUM
Exclusive Addons for Elementor < 2.7.7 - Authenticated Stored XSS via Widgets
CVSS 6.4
CVE-2025-1405
MEDIUM
Product Catalog Simple <= 1.7.11 - Authenticated Stored Cross-Site Scripting via show_products Shortcode
CVSS 6.4
CVE-2025-1513
HIGH
Contest Gallery < 26.0.1 - Unauthenticated Stored Cross-Site Scripting via Name and Comment Fields
CVSS 7.2
CVE-2025-1511
MEDIUM
User Registration & Membership < 4.0.4 - Unauthenticated Reflected Cross-Site Scripting via 's' Parameter
CVSS 6.1
Details
Vulnerabilities
45,256
Exploit Likelihood
High