CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,256 vulnerabilities with CWE-79
CVE-2025-1757 MEDIUM
WordPress Portfolio Builder - Stored XSS
CVSS 6.4
CVE-2025-1505 MEDIUM
Advanced AJAX Product Filters <= 1.6.8.1 - Reflected Cross-Site Scripting via Nonce Parameter
CVSS 6.1
CVE-2025-22624 MEDIUM
FooGallery 2.4.29 - Info Disclosure
CVE-2025-23687 HIGH
Woo Store Mode <= 1.0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-1742 MEDIUM
PiHome MaxAir 2.0 - Stored Cross-Site Scripting via /home.php page_name Parameter
CVSS 4.3
CVE-2025-1450 MEDIUM
Chaty <= 3.3.5 - Authenticated Stored XSS via data-hover Parameter
CVSS 6.4
CVE-2025-1690 MEDIUM
ThemeMakers Stripe Checkout <= 1.0.1 - Authenticated Stored Cross-Site Scripting via Stripe Shortcode
CVSS 6.4
CVE-2025-1689 MEDIUM
ThemeMakers PayPal Express Checkout <= 1.1.9 - Authenticated Stored Cross-Site Scripting via PayPal Shortcode
CVSS 6.4
CVE-2025-0469 MEDIUM
Forminator Forms < 1.39.3 - Authenticated Stored Cross-Site Scripting via Slider Template Data
CVSS 6.4
CVE-2025-20116 MEDIUM
Cisco Application Policy Infrastructure Controller - Authenticated Stored Cross-Site Scripting in Web UI
CVSS 4.8
CVE-2025-25825 HIGH
Emlog Pro 2.5.4 - Stored Cross-Site Scripting in Article Category Title
CVSS 7.1
CVE-2025-25823 HIGH
Emlog Pro 2.5.4 - Stored Cross-Site Scripting via Article Header
CVSS 7.3
CVE-2025-25818 MEDIUM
Emlog Pro 2.5.4 - Stored Cross-Site Scripting via postStrVar Function
CVSS 5.1
CVE-2025-0719 MEDIUM
IBM Cloud Pak for Data 4.0.0-4.8.5 and 5.0.0 - Unauthenticated Cross-Site Scripting
CVSS 6.1
CVE-2025-1517 MEDIUM
Sina Extension for Elementor <= 3.6.0 - Authenticated Stored XSS via Widgets
CVSS 6.4
CVE-2025-27139 MEDIUM
Combodo iTop <2.7.12, <3.1.2, <3.2.0 - XSS
CVSS 6.8
CVE-2025-21627 MEDIUM
GLPI < 10.0.18 - Unauthenticated Reflected Cross-Site Scripting via Search Page
CVSS 6.5
CVE-2025-26993 HIGH
Atarim <= 4.1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26991 HIGH
WPPizza <= 3.19.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26987 HIGH
Frontend Admin by DynamiApps <= 3.25.17 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26981 HIGH
Web Accessibility By accessiBe <= 2.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26980 MEDIUM
Wired Impact Volunteer Management <2.5 - XSS
CVSS 6.5
CVE-2025-26962 MEDIUM
GhozyLab Easy Contact Form Lite <1.1.25 - XSS
CVSS 6.5
CVE-2025-26952 MEDIUM
bPlugins Business Card Block <1.0.5 - XSS
CVSS 6.5
CVE-2025-26949 MEDIUM
bPlugins Team Section Block <1.0.9 - XSS
CVSS 6.5
Details
Vulnerabilities 45,256
Exploit Likelihood High