CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,293 vulnerabilities with CWE-79
CVE-2025-22276
MEDIUM
Related Post Shortcode <= 1.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-22267
MEDIUM
Weaver Themes Shortcode Compatibility <1.0.4 - XSS
CVSS 6.5
CVE-2025-24018
HIGH
YesWiki <= 4.4.5 - Authenticated Stored Cross-Site Scripting via Attach Component
CVSS 7.6
CVE-2025-24017
HIGH
YesWiki <= 4.4.5 - DOM-Based Cross-Site Scripting via Tag Search Feature
CVSS 7.6
CVE-2025-24012
MEDIUM
Umbraco CMS 14.0.0-14.3.1 - Authenticated Cross-Site Scripting in Localized Backoffice Components
CVSS 4.6
CVE-2025-23998
HIGH
raratheme UltraLight <= 1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23997
MEDIUM
Tamara Checkout < 1.9.9.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22825
MEDIUM
Flexible PDF Coupons < 1.10.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22763
HIGH
Brizy Pro < 2.6.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22735
HIGH
TaxoPress WordPress Tag Cloud Plugin - XSS
CVSS 7.1
CVE-2025-22733
HIGH
WPHocus My auctions allegro <3.6.18 - XSS
CVSS 7.1
CVE-2025-22732
MEDIUM
Admiral Ad Blocking Detector <3.6.0 - XSS
CVSS 6.5
CVE-2025-22727
MEDIUM
PluginOps MailChimp Subscribe Forms <4.1 - XSS
CVSS 6.5
CVE-2025-22719
HIGH
VikAppointments Services Booking Calendar <= 1.2.16 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-22718
MEDIUM
FAT Event Lite <= 1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22711
HIGH
Thomas Maier Image Source Control <2.29.0 - XSS
CVSS 7.1
CVE-2025-22709
HIGH
Verge3D <= 4.8.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22706
HIGH
Social Pug: Author Box <1.0.0 - XSS
CVSS 7.1
CVE-2025-22322
HIGH
Private Messages for UserPro <= 4.10.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22262
MEDIUM
Bonjour Bar <= 1.0.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-0450
MEDIUM
Betheme <= 27.6.1 - Authenticated Stored Cross-Site Scripting via Custom JS Functionality
CVSS 6.4
CVE-2025-0371
MEDIUM
JetElements < 2.7.3 - Authenticated Stored Cross-Site Scripting via Widget Attributes
CVSS 6.4
CVE-2025-22131
MEDIUM
PhpSpreadsheet <1.29.8 and 3.0.0-3.7.9 - Cross-Site Scripting in XLSX to HTML Translation
CVSS 6.1
CVE-2025-0581
LOW
CampCodes School Management Software 1.0 - XSS
CVSS 3.5
CVE-2025-0583
MEDIUM
a+HRD < 7.5 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
Details
Vulnerabilities
45,293
Exploit Likelihood
High