CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,287 vulnerabilities with CWE-79
CVE-2025-24632
HIGH
AlgolPlus Advanced Dynamic Pricing <4.9.0 - XSS
CVSS 7.1
CVE-2025-24609
HIGH
PORTONE <= 3.2.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24608
HIGH
GD Mail Queue <= 4.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24563
HIGH
ThemeGlow Cleanup - Classifieds WP <1.0.4 - XSS
CVSS 7.1
CVE-2025-24560
HIGH
Awesome Event Booking <= 2.7.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24551
HIGH
OneTeamSoftware Radio Buttons & Swatches - WooCommerce <1.1.20 - XSS
CVSS 7.1
CVE-2025-24535
HIGH
SKT Donation <= 1.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24534
HIGH
Emili Castells DPortfolio <2.0 - XSS
CVSS 7.1
CVE-2025-23987
MEDIUM
Designer <= 1.6.4 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-23759
HIGH
LeduChuy89VN Affiliate Tools <0.3.17 - XSS
CVSS 7.1
CVE-2025-23671
HIGH
WP OpenSearch <= 1.0 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-23596
HIGH
Notifikcie.sk <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22757
MEDIUM
CodeBard Help Desk <= 1.1.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22564
HIGH
Pretty Url <= 1.5.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22341
HIGH
Hide Login+ <= 3.5.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22332
HIGH
CloudFlare(R) Cache Purge <= 1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-0809
HIGH
Link Fixer <= 3.4 - Unauthenticated Stored Cross-Site Scripting via Broken Links
CVSS 7.2
CVE-2025-0507
MEDIUM
Ticketmeo - Sell Tickets - Event Ticketing <2.3.6 - XSS
CVSS 6.4
CVE-2025-0470
MEDIUM
Forminator Forms - WordPress <1.38.2 - XSS
CVSS 6.1
CVE-2025-24885
HIGH
pwncollege/dojo - Stored Cross-Site Scripting via Custom Page Rendering
CVSS 7.6
CVE-2025-22221
MEDIUM
VMware Aria Operation for Logs - XSS
CVSS 5.2
CVE-2025-22219
MEDIUM
VMware Aria Operations for Logs - XSS
CVSS 6.8
CVE-2025-0871
LOW
Maybecms 1.2 - Cross-Site Scripting via data_info[content] Parameter
CVSS 3.5
CVE-2025-0869
MEDIUM
Cianet ONU GW24AC <= 20250127 - Cross-Site Scripting via Login browserLang Parameter
CVSS 4.3
CVE-2025-0747
HIGH
EmbedAI < 2.1 - Authenticated Stored Cross-Site Scripting in Chat Message
CVSS 8.6
Details
Vulnerabilities
45,287
Exploit Likelihood
High