CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,256 vulnerabilities with CWE-79
CVE-2025-1291 MEDIUM
Gutenberg Blocks with AI by Kadence WP <= 3.4.9 - Authenticated Stored XSS via Icon Parameter
CVSS 6.4
CVE-2025-1459 MEDIUM
Page Builder by SiteOrigin <= 2.31.4 - Authenticated Stored Cross-Site Scripting via Embedded Video Widget
CVSS 6.4
CVE-2025-0820 MEDIUM
Clicface Trombi <= 2.08 - Authenticated Stored Cross-Site Scripting via Nom Parameter
CVSS 6.4
CVE-2025-25476 MEDIUM
SysPass 3.2.0-3.2.10 - Stored Cross-Site Scripting via Notification Type or Component
CVSS 5.4
CVE-2025-25429 MEDIUM
Trendnet TEW-929DRU 1.0.0.10 - Stored Cross-Site Scripting via r_name Variable
CVSS 4.8
CVE-2025-25431 MEDIUM
Trendnet TEW-929DRU 1.0.0.10 - Stored Cross-Site Scripting via Captive Portal SSID Parameter
CVSS 4.8
CVE-2025-25430 MEDIUM
Trendnet TEW-929DRU 1.0.0.10 - Stored Cross-Site Scripting via configname Parameter
CVSS 4.8
CVE-2025-20049 MEDIUM
Dario Application Database and Internet-based Server Infrastructure - Cross-Site Scripting
CVSS 5.8
CVE-2025-27400 LOW
Magento LTS <20.12.3-20.13.0 - Authenticated XSS
CVSS 2.9
CVE-2025-25461 MEDIUM
SeedDMS 6.0.29 - Stored Cross-Site Scripting via Category Name Field
CVSS 5.4
CVE-2025-25916 MEDIUM
wuzhicms v4.1.0 - Cross-Site Scripting in Member Group Deletion Function
CVSS 5.4
CVE-2025-1776 MEDIUM
Soteshop < 8.3.4 - Cross-Site Scripting via Query Parameter in Google Custom Search
CVSS 6.1
CVE-2025-1749 MEDIUM
OpenCart < 4.1.0.0 - Cross-Site Scripting via Voucher Parameter
CVSS 4.7
CVE-2025-1748 MEDIUM
OpenCart < 4.1.0.0 - Cross-Site Scripting via Account Registration Parameter
CVSS 4.7
CVE-2025-1747 MEDIUM
OpenCart < 4.1.0.0 - Cross-Site Scripting via Account Login Parameter
CVSS 4.7
CVE-2025-1746 MEDIUM
OpenCart < 4.1.0.0 - Cross-Site Scripting via Product Search Endpoint
CVSS 6.1
CVE-2025-22272 LOW
CyberArk Endpoint Privilege Manager <24.7.1 - Code Injection
CVE-2025-22270 HIGH
CyberArk Endpoint Privilege Manager <24.7.1 - Code Injection
CVE-2025-1319 HIGH
Site Mailer <= 1.2.3 - Unauthenticated Stored XSS
CVSS 7.2
CVE-2025-22491 MEDIUM
Foreseer Reporting Software <1.5.100 - XSS
CVSS 6.7
CVE-2025-1560 MEDIUM
WOW Entrance Effects (WEE!) <= 0.1 - Authenticated Stored Cross-Site Scripting via 'wee' Shortcode
CVSS 6.4
CVE-2025-1571 MEDIUM
Exclusive Addons for Elementor < 2.7.7 - Authenticated Stored XSS via Widgets
CVSS 6.4
CVE-2025-1405 MEDIUM
Product Catalog Simple <= 1.7.11 - Authenticated Stored Cross-Site Scripting via show_products Shortcode
CVSS 6.4
CVE-2025-1513 HIGH
Contest Gallery < 26.0.1 - Unauthenticated Stored Cross-Site Scripting via Name and Comment Fields
CVSS 7.2
CVE-2025-1511 MEDIUM
User Registration & Membership < 4.0.4 - Unauthenticated Reflected Cross-Site Scripting via 's' Parameter
CVSS 6.1
Details
Vulnerabilities 45,256
Exploit Likelihood High