CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,278 vulnerabilities with CWE-79
CVE-2025-1612
LOW
Edimax BR-6288ACL 1.30 - Cross-Site Scripting via SSID Parameter in wireless5g_basic.asp
CVSS 3.5
CVE-2025-22635
HIGH
imithemes Eventer < 3.9.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22632
HIGH
totalsoft WooCommerce Pricing - Product Pricing <1.0.9 - XSS
CVSS 7.1
CVE-2025-22631
HIGH
vbout Marketing Automation <1.2.6.8 - XSS
CVSS 7.1
CVE-2025-1597
LOW
Best Church Management Software 1.0 - Cross-Site Scripting via Redirect Parameter
CVSS 3.5
CVE-2025-1592
LOW
Best Employee Management System 1.0 - Cross-Site Scripting via Role Assignment Parameters
CVSS 2.4
CVE-2025-1591
LOW
SourceCodester Employee Management System 1.0 - Cross-Site Scripting via Department Name Parameter
CVSS 2.4
CVE-2025-1589
MEDIUM
SourceCodester E-Learning System 1.0 - Cross-Site Scripting in User Registration Handler
CVSS 4.3
CVE-2025-1467
MEDIUM
tarteaucitronjs < 1.17.0 - Cross-Site Scripting via getElemWidth() and getElemHeight()
CVSS 6.1
CVE-2025-1586
LOW
code-projects Blood Bank System 1.0 - Cross-Site Scripting via Bloodname Parameter
CVSS 3.5
CVE-2025-1585
LOW
tale_project tale < 2.0.5 - Cross-Site Scripting via logo_url Parameter in Header Template
CVSS 2.4
CVE-2025-1579
LOW
code-projects Blood Bank System 1.0 - Cross-Site Scripting via Email Parameter
CVSS 2.4
CVE-2025-1577
LOW
code-projects Blood Bank System 1.0 - Cross-Site Scripting via /prostatus.php Message Parameter
CVSS 3.5
CVE-2025-26973
MEDIUM
WarfarePlugins Social Warfare <4.5.4 - XSS
CVSS 6.5
CVE-2025-26774
HIGH
Rock Solid Responsive Modal Builder <1.5.0 - XSS
CVSS 7.1
CVE-2025-26756
HIGH
Magic the Gathering Card Tooltips <3.5.0 - XSS
CVSS 7.1
CVE-2025-0957
HIGH
SMTP for Amazon SES - YaySMTP <= 1.7.1 - Unauthenticated Stored Cross-Site Scripting
CVSS 7.2
CVE-2025-0953
HIGH
SMTP for Sendinblue - YaySMTP <= 1.2 - Unauthenticated Stored Cross-Site Scripting
CVSS 7.2
CVE-2025-0918
HIGH
SMTP for SendGrid - YaySMTP <= 1.4 - Unauthenticated Stored Cross-Site Scripting
CVSS 7.2
CVE-2025-1553
LOW
pankajindevops scale - Cross-Site Scripting
CVSS 3.5
CVE-2025-27109
HIGH
solid-js < 1.9.4 - Cross-Site Scripting via Inlined JSX Fragment
CVSS 7.3
CVE-2025-27108
HIGH
dom-expressions < 0.39.5 - Cross-Site Scripting via Special Replacement Patterns in .replace()
CVSS 7.3
CVE-2025-1548
LOW
Dreamer CMS 4.1.3 - Cross-Site Scripting via Editor Value Parameter
CVSS 3.5
CVE-2025-1489
MEDIUM
WP-Appbox <= 4.5.4 - Authenticated Stored Cross-Site Scripting via Appbox Shortcode
CVSS 6.4
CVE-2025-1410
MEDIUM
Pie Calendar - Events Calendar Made Simple <= 1.2.5 - Authenticated Stored Cross-Site Scripting via piecal Shortcode
CVSS 6.4
Details
Vulnerabilities
45,278
Exploit Likelihood
High