CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,287 vulnerabilities with CWE-79
CVE-2025-20179
MEDIUM
Cisco TelePresence Video Communication Server (VCS) Expressway - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-22602
MEDIUM
Discourse - Stored Cross-Site Scripting via Video Placeholder HTML Element
CVSS 6.5
CVE-2025-24967
MEDIUM
reNgine <= 2.2.0 - Stored Cross-Site Scripting in Admin Panel User Management
CVSS 5.4
CVE-2025-24966
MEDIUM
yogeshojha/rengine <= 2.2.0 - HTML Injection in Add Target Functionality
CVSS 5.4
CVE-2025-24602
HIGH
WP24 Domain Check <= 1.10.14 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24599
HIGH
Tribulant Newsletters <4.9.9.6 - XSS
CVSS 7.1
CVE-2025-24598
HIGH
WP Mailster <= 1.8.17.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23645
HIGH
Optimize Worldwide Find Content IDs - XSS
CVSS 7.1
CVE-2025-22794
HIGH
Landoweb Programador World Cup Predictor <1.9.6 - XSS
CVSS 7.1
CVE-2025-22697
MEDIUM
CyberChimps Responsive Blocks <= 1.9.9 - Reflected Cross-Site Scripting
CVSS 6.5
CVE-2025-22675
MEDIUM
Alert Box Block < 1.1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22674
MEDIUM
Get Bowtied Product Blocks for WooCommerce <1.9.1 - XSS
CVSS 6.5
CVE-2025-22664
MEDIUM
Survey Maker <= 5.1.3.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-22662
MEDIUM
SendPulse Email Marketing <2.1.5 - XSS
CVSS 6.5
CVE-2025-22653
MEDIUM
templaza Music Press Pro <1.4.6 - XSS
CVSS 6.5
CVE-2025-22642
MEDIUM
RTO GmbH Dynamic Conditions <1.7.4 - XSS
CVSS 6.5
CVE-2025-22641
MEDIUM
Prem Tiwari FM Notification Bar <1.0.2 - XSS
CVSS 5.9
CVE-2025-1015
MEDIUM
Thunderbird 128.0.1-128.6.9, 128.7-128.*, >=135 - Stored Cross-Site Scripting via Address Book URI Field Import
CVSS 5.4
CVE-2025-0368
MEDIUM
Banner Garden < 0.1.3 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-23210
MEDIUM
PHPOffice PhpSpreadsheet <3.9.0, 2.0.0-2.1.8, 2.2.0-2.3.7, <1.29.9 - XSS via JavaScript Protocol Bypass
CVE-2025-24781
HIGH
WPJobBoard < 5.10.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24707
HIGH
GT3 Photo Gallery < 2.7.7.24 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24684
HIGH
Ederson Peka Media Downloader <0.4.7.5 - XSS
CVSS 7.1
CVE-2025-24676
HIGH
umangmetatagg Custom WP Store Locator <1.4.7 - XSS
CVSS 7.1
CVE-2025-24660
HIGH
wp.insider Simple Membership Custom Messages <2.4 - XSS
CVSS 7.1
Details
Vulnerabilities
45,287
Exploit Likelihood
High