CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,278 vulnerabilities with CWE-79
CVE-2025-1407
MEDIUM
AMO Team Showcase < 1.1.4 - Authenticated Stored Cross-Site Scripting via amoteam_skills Shortcode
CVSS 6.4
CVE-2025-1406
MEDIUM
Newpost Catch <= 1.3.19 - Authenticated Stored Cross-Site Scripting via npc Shortcode
CVSS 6.4
CVE-2025-27088
HIGH
oxyno-zeta/s3-proxy < 4.18.1 - Reflected Cross-Site Scripting via Request.URL.Path
CVSS 8.2
CVE-2025-25957
MEDIUM
xunruicms < 4.6.3 - Cross-Site Scripting
CVSS 6.1
CVE-2025-25960
MEDIUM
phpcms v9 9.6.3 - Cross-Site Scripting via Member Center Menu Interface
CVSS 6.1
CVE-2025-25958
MEDIUM
phpcms v9.6.3 - Cross-Site Scripting
CVSS 5.4
CVE-2025-25299
LOW
CKEditor 5 Real-Time Collaboration 41.3.0-44.2.0 - Cross-Site Scripting in User Markers
CVE-2025-25973
MEDIUM
Ppress 0.0.9 - Stored Cross-Site Scripting via Article Metadata Parameters
CVSS 6.5
CVE-2025-1039
HIGH
Lenix Elementor Leads Addon < 1.8.3 - Unauthenticated Stored Cross-Site Scripting via URL Form Field
CVSS 7.2
CVE-2025-1328
MEDIUM
Typed JS: A typewriter style animation < 1.2.0 - Authenticated Stored Cross-Site Scripting via typespeed Parameter
CVSS 6.4
CVE-2025-1064
MEDIUM
Login/Signup Popup ( Inline Form + Woocommerce ) <2.8.5 - XSS
CVSS 6.4
CVE-2025-0897
MEDIUM
Modal Window < 6.1.5 - Authenticated Stored Cross-Site Scripting via iframeBox Shortcode
CVSS 6.4
CVE-2025-20211
MEDIUM
Cisco BroadWorks - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-0916
HIGH
YaySMTP 2.4.9-2.6.2 - Unauthenticated Stored Cross-Site Scripting
CVSS 7.2
CVE-2025-1024
MEDIUM
ChurchCRM < 5.13.0 - Authenticated Reflected Cross-Site Scripting via EID Parameter
CVSS 4.8
CVE-2025-25054
MEDIUM
Movable Type 8.0.x < 8.0.5 and 8.4.x < 8.4.1 - Authenticated XSS in User Info Edit
CVSS 6.1
CVE-2025-24841
MEDIUM
Movable Type 8.4.x < 8.4.1 and 8.0.x < 8.0.5 - Stored Cross-Site Scripting in MT Block Editor HTML Mode
CVSS 5.4
CVE-2025-22888
MEDIUM
Movable Type 8.4.x < 8.4.1 and 8.0.x < 8.0.5 - Stored Cross-Site Scripting in Custom Block Edit Page
CVSS 5.4
CVE-2025-1065
MEDIUM
WordPress Tables and Charts Manager <3.11.8 - XSS
CVSS 6.4
CVE-2025-22622
MEDIUM
Age Verification 1.20.0 - Cross-Site Scripting in Dynamic Web Content Generation
CVSS 4.3
CVE-2025-27016
MEDIUM
awsm.in Drivr Lite - Google Drive Plugin <1.0.1 - XSS
CVSS 6.5
CVE-2025-22650
MEDIUM
Erez Hadas-Sonnenschein Smartarget <1.4 - XSS
CVSS 6.5
CVE-2025-25300
LOW
smartbanner.js <1.14.1 - Open Redirect
CVE-2025-0817
HIGH
FormCraft < 3.9.11 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 7.2
CVE-2025-0521
HIGH
Post SMTP < 3.0.2 - Unauthenticated Stored Cross-Site Scripting via From and Subject Parameters
CVSS 7.2
Details
Vulnerabilities
45,278
Exploit Likelihood
High