CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,278 vulnerabilities with CWE-79
CVE-2025-1354
MEDIUM
ASUS RT-N10E and RT-N12E - Stored Cross-Site Scripting via SSID Parameter in sysinfo.asp
CVE-2025-1337
LOW
Eastnets PaymentSafe <2.5.26.0 - XSS
CVSS 3.5
CVE-2025-1332
LOW
FastCMS < 0.1.5 - Cross-Site Scripting in Template Menu
CVSS 2.4
CVE-2025-1005
MEDIUM
ElementsKit Elementor addons <3.4.0 - XSS
CVSS 6.4
CVE-2025-25304
MEDIUM
Vega < 5.26.0 and vega-selections < 5.4.2 - Cross-Site Scripting via vlSelectionTuples Function
CVE-2025-25296
MEDIUM
Label Studio < 1.16.0 - Cross-Site Scripting via label_config Query Parameter
CVSS 6.1
CVE-2025-26158
MEDIUM
Kashipara Online Attendance Management System V1.0 - Stored Cross-Site Scripting via Department Parameter
CVSS 5.6
CVE-2025-25990
MEDIUM
hoosk 1.7.1 - Cross-Site Scripting via /install/index.php
CVSS 6.1
CVE-2025-25988
MEDIUM
hoosk 1.8 - Cross-Site Scripting via Custom Link Title Parameter
CVSS 4.8
CVE-2025-1239
MEDIUM
WatchGuard Fireware OS 12.0-12.5.12+701324 12.6-12.11 - Authenticated Stored Cross-Site Scripting via Blocked Sites List
CVE-2025-1071
MEDIUM
WatchGuard Fireware 12.0-12.5.12+701324 12.6-12.11 - Authenticated Stored Cross-Site Scripting in spamBlocker Module
CVSS 4.8
CVE-2025-24700
HIGH
WP Event Aggregator <= 1.8.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24688
HIGH
brandtoss WP Mailster <1.8.20.0 - XSS
CVSS 7.1
CVE-2025-24641
HIGH
rickonline_nl Better WishList API <1.1.3 - XSS
CVSS 7.1
CVE-2025-24617
HIGH
AcyMailing SMTP Newsletter < 9.11.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24616
HIGH
UIUX Lab Uix Page Builder <1.7.3 - XSS
CVSS 7.1
CVE-2025-24615
HIGH
fatcatapps Analytics Cat <1.1.2 - XSS
CVSS 7.1
CVE-2025-24614
HIGH
agileLogix Post Timeline <2.3.9 - XSS
CVSS 7.1
CVE-2025-24592
HIGH
SysBasics Customize My Account for WooCommerce <2.8.22 - XSS
CVSS 7.1
CVE-2025-24566
HIGH
Intro Tour Tutorial DeepPresentation <6.5.2 - XSS
CVSS 7.1
CVE-2025-24565
HIGH
Saleswonder Team Tobias WP2LEADS - XSS
CVSS 7.1
CVE-2025-24564
HIGH
aviplugins.com Contact Form With Shortcode <4.2.5 - XSS
CVSS 7.1
CVE-2025-24558
HIGH
CRM Perks <= 1.1.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24554
HIGH
AWcode Toolkit <= 1.0.14 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23905
HIGH
Johannes van Poelgeest Admin Options <0.9.7 - XSS
CVSS 7.1
Details
Vulnerabilities
45,278
Exploit Likelihood
High