CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,278 vulnerabilities with CWE-79
CVE-2025-23525
HIGH
Kv Compose Email From Dashboard <1.1 - XSS
CVSS 7.1
CVE-2025-23523
HIGH
HSS Embed Streaming Video <3.23 - XSS
CVSS 7.1
CVE-2025-23492
HIGH
CantonBolo WordPress Taobao Plugin <1.1.2 - XSS
CVSS 7.1
CVE-2025-23474
HIGH
Mike Martel Live Dashboard <0.3.3 - XSS
CVSS 7.1
CVE-2025-23431
HIGH
Envato Affiliater <= 1.2.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23428
HIGH
QMean - WordPress Did You Mean <2.0 - XSS
CVSS 7.1
CVE-2025-26791
MEDIUM
DOMPurify < 3.2.4 - Cross-Site Scripting via Incorrect Template Literal Regular Expression
CVSS 4.5
CVE-2025-25287
MEDIUM
Lakeus <1.3.1+REL1.39,1.3.1+REL1.42,1.4.0 - XSS
CVSS 4.7
CVE-2025-26574
MEDIUM
Moch Amir Google Drive WP Media <2.4.4 - XSS
CVSS 6.5
CVE-2025-26567
MEDIUM
Font Awesome WP <= 1.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-26561
MEDIUM
Elfsight Yottie Lite <= 1.3.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-26558
MEDIUM
mkkmail Aparat Responsive <1.3 - XSS
CVSS 6.5
CVE-2025-26552
HIGH
Naver Syndication V2 <= 0.8.3 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-26551
HIGH
Bootstrap collapse <= 1.0.4 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-26539
MEDIUM
petkivim Embed Google Map <3.2 - XSS
CVSS 6.5
CVE-2025-26538
MEDIUM
Prezi Embedder <= 2.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-1271
MEDIUM
Anapi Group h6web - Reflected Cross-Site Scripting via URL Injection
CVSS 6.1
CVE-2025-0692
LOW
Simple Video Management System WordPress <1.0.4 - XSS
CVSS 3.5
CVE-2025-0837
MEDIUM
Puzzles < 4.2.6 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-1213
LOW
PiHome 1.77 - Cross-Site Scripting via PHP_SELF Parameter
CVSS 3.5
CVE-2025-1209
LOW
Wazifa System 1.0 - Cross-Site Scripting via searchuser Function
CVSS 3.5
CVE-2025-1208
LOW
Wazifa System 1.0 - Cross-Site Scripting via Profile.php postcontent Parameter
CVSS 3.5
CVE-2025-0376
HIGH
GitLab 13.3-17.6.4, 17.7-17.7.3, 17.8-17.8.1 - Cross-Site Scripting via Change Page
CVSS 8.7
CVE-2025-1196
LOW
Real Estate Property Management System 1.0 - Cross-Site Scripting via PropertyName Parameter
CVSS 3.5
CVE-2025-1195
LOW
Real Estate Property Management System 1.0 - Cross-Site Scripting via CategoryId Parameter
CVSS 3.5
Details
Vulnerabilities
45,278
Exploit Likelihood
High