CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,256 vulnerabilities with CWE-79
CVE-2025-1757
MEDIUM
WordPress Portfolio Builder - Stored XSS
CVSS 6.4
CVE-2025-1505
MEDIUM
Advanced AJAX Product Filters <= 1.6.8.1 - Reflected Cross-Site Scripting via Nonce Parameter
CVSS 6.1
CVE-2025-22624
MEDIUM
FooGallery 2.4.29 - Info Disclosure
CVE-2025-23687
HIGH
Woo Store Mode <= 1.0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-1742
MEDIUM
PiHome MaxAir 2.0 - Stored Cross-Site Scripting via /home.php page_name Parameter
CVSS 4.3
CVE-2025-1450
MEDIUM
Chaty <= 3.3.5 - Authenticated Stored XSS via data-hover Parameter
CVSS 6.4
CVE-2025-1690
MEDIUM
ThemeMakers Stripe Checkout <= 1.0.1 - Authenticated Stored Cross-Site Scripting via Stripe Shortcode
CVSS 6.4
CVE-2025-1689
MEDIUM
ThemeMakers PayPal Express Checkout <= 1.1.9 - Authenticated Stored Cross-Site Scripting via PayPal Shortcode
CVSS 6.4
CVE-2025-0469
MEDIUM
Forminator Forms < 1.39.3 - Authenticated Stored Cross-Site Scripting via Slider Template Data
CVSS 6.4
CVE-2025-20116
MEDIUM
Cisco Application Policy Infrastructure Controller - Authenticated Stored Cross-Site Scripting in Web UI
CVSS 4.8
CVE-2025-25825
HIGH
Emlog Pro 2.5.4 - Stored Cross-Site Scripting in Article Category Title
CVSS 7.1
CVE-2025-25823
HIGH
Emlog Pro 2.5.4 - Stored Cross-Site Scripting via Article Header
CVSS 7.3
CVE-2025-25818
MEDIUM
Emlog Pro 2.5.4 - Stored Cross-Site Scripting via postStrVar Function
CVSS 5.1
CVE-2025-0719
MEDIUM
IBM Cloud Pak for Data 4.0.0-4.8.5 and 5.0.0 - Unauthenticated Cross-Site Scripting
CVSS 6.1
CVE-2025-1517
MEDIUM
Sina Extension for Elementor <= 3.6.0 - Authenticated Stored XSS via Widgets
CVSS 6.4
CVE-2025-27139
MEDIUM
Combodo iTop <2.7.12, <3.1.2, <3.2.0 - XSS
CVSS 6.8
CVE-2025-21627
MEDIUM
GLPI < 10.0.18 - Unauthenticated Reflected Cross-Site Scripting via Search Page
CVSS 6.5
CVE-2025-26993
HIGH
Atarim <= 4.1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26991
HIGH
WPPizza <= 3.19.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26987
HIGH
Frontend Admin by DynamiApps <= 3.25.17 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26981
HIGH
Web Accessibility By accessiBe <= 2.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26980
MEDIUM
Wired Impact Volunteer Management <2.5 - XSS
CVSS 6.5
CVE-2025-26962
MEDIUM
GhozyLab Easy Contact Form Lite <1.1.25 - XSS
CVSS 6.5
CVE-2025-26952
MEDIUM
bPlugins Business Card Block <1.0.5 - XSS
CVSS 6.5
CVE-2025-26949
MEDIUM
bPlugins Team Section Block <1.0.9 - XSS
CVSS 6.5
Details
Vulnerabilities
45,256
Exploit Likelihood
High