CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,287 vulnerabilities with CWE-79
CVE-2025-25098
MEDIUM
Zack Katz Links in Captions <1.2 - XSS
CVSS 6.5
CVE-2025-25097
MEDIUM
kwiliarty External Video For Everybody <2.1.1 - XSS
CVSS 6.5
CVE-2025-25096
MEDIUM
RSS in Page <= 2.9.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-25095
MEDIUM
ReverbNation Widgets <= 2.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-25094
MEDIUM
Amitythemes.com Breaking News Ticker <2.4.4 - XSS
CVSS 6.5
CVE-2025-25091
MEDIUM
zackdesign NextGen Cooliris Gallery <0.8 - XSS
CVSS 6.5
CVE-2025-25085
MEDIUM
matt_mcbrien WP SimpleWeather <0.2.5 - XSS
CVSS 6.5
CVE-2025-25082
MEDIUM
Max Chirkov FlexIDX Home Search <2.1.2 - XSS
CVSS 6.5
CVE-2025-25080
MEDIUM
gubbigubbi Kona Gallery Block <1.7 - XSS
CVSS 6.5
CVE-2025-25079
MEDIUM
Garrett Grimm Simple Select All Text Box <3.2 - XSS
CVSS 6.5
CVE-2025-25078
MEDIUM
Andrew Norcross Google Earth Embed <= 1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-25077
MEDIUM
dugbug Easy Chart Builder <1.3 - XSS
CVSS 6.5
CVE-2025-25076
MEDIUM
Graceful Email Obfuscation <0.2.2 - XSS
CVSS 6.5
CVE-2025-25073
MEDIUM
Vasilis Triantafyllou Easy WP Tiles - XSS
CVSS 5.9
CVE-2025-22402
LOW
Dell Update Manager Plugin 1.5.0-1.6.0 - Cross-Site Scripting
CVSS 2.6
CVE-2025-1085
MEDIUM
Animati PACS <= 1.24.12.09.03 - Cross-Site Scripting via /login p Parameter
CVSS 4.3
CVE-2025-1082
LOW
Mindskip xzs-mysql 3.9.0 - Stored Cross-Site Scripting in Exam Edit Handler
CVSS 3.5
CVE-2025-24981
CRITICAL
Nuxt MDC <0.13.3 - JavaScript URL Cross-Site Scripting
CVSS 9.3
CVE-2025-1076
MEDIUM
Holded - Stored Cross-Site Scripting via Activities Name and Icon Parameters
CVSS 4.8
CVE-2025-24803
MEDIUM
Mobile Security Framework < 4.3.1 - Stored Cross-Site Scripting via CFBundleIdentifier
CVSS 5.4
CVE-2025-24372
HIGH
CKAN < 2.10.7 and 2.11.0-2.11.2 - Authenticated Stored Cross-Site Scripting via File Upload
CVSS 7.3
CVE-2025-24320
HIGH
BIG-IP 15.1.0-15.1.10.6 - Stored Cross-Site Scripting in Configuration Utility
CVSS 8.0
CVE-2025-20205
MEDIUM
Cisco Identity Services Engine 3.0.0-3.2 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2025-20204
MEDIUM
Cisco Identity Services Engine 3.0.0-3.2 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2025-20180
MEDIUM
Cisco AsyncOS - Authenticated Stored Cross-Site Scripting in Web Management Interface
CVSS 4.8
Details
Vulnerabilities
45,287
Exploit Likelihood
High