CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,293 vulnerabilities with CWE-79
CVE-2025-22568
HIGH
Paramveer Singh - Arete IT Private Limited - XSS
CVSS 7.1
CVE-2025-22567
HIGH
TRUSTist REVIEWer <= 2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22514
HIGH
Yamna Tatheer KNR Author List Widget <3.1.1 - XSS
CVSS 7.1
CVE-2025-22506
HIGH
Smart Agenda <= 4.7 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-22499
HIGH
FAKTOR VIER F4 Post Tree <1.1.18 - XSS
CVSS 7.1
CVE-2025-22498
HIGH
LucidLMS <= 1.0.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22344
HIGH
Convoy Media Category Library <2.7 - XSS
CVSS 7.1
CVE-2025-22337
HIGH
Order Audit Log for WooCommerce <2.0 - XSS
CVSS 7.1
CVE-2025-22314
HIGH
WP Scripts Food Store - Online Food Delivery & Pickup <1.5.1 - XSS
CVSS 7.1
CVE-2025-0400
LOW
starsea-mall 1.0 - Cross-Site Scripting via /admin/categories/update categoryName Parameter
CVSS 2.4
CVE-2025-0398
LOW
longpi1 warehouse 1.0 - Cross-Site Scripting via Remark Parameter
CVSS 2.4
CVE-2025-0397
LOW
reckcn SPPanAdmin 1.0 - Cross-Site Scripting via /admin/role/edit Name Parameter
CVSS 3.5
CVE-2025-23108
MEDIUM
Firefox for iOS < 134 - URL Spoofing via JavaScript Link Long-Press
CVSS 4.3
CVE-2025-0104
MEDIUM
Palo Alto Networks Expedition - XSS
CVSS 6.1
CVE-2025-23112
MEDIUM
REDCap 14.9.6 - Authenticated Stored Cross-Site Scripting in Survey Field Name
CVSS 6.1
CVE-2025-23111
MEDIUM
REDCap 14.9.6 - HTML Injection via Survey Field Name
CVSS 4.7
CVE-2025-23110
MEDIUM
REDCap 14.9.6 - Reflected Cross-Site Scripting via CSV Alert Configuration Email Subject
CVSS 6.1
CVE-2025-23079
MEDIUM
Mediawiki - ArticleFeedbackv5 <1.42.2 - XSS
CVSS 6.1
CVE-2025-23078
MEDIUM
Wikimedia Foundation Mediawiki - Breadcrumbs2 <1.39.11-1.42.4 - XSS
CVSS 6.5
CVE-2025-22600
MEDIUM
WeGIA < 3.2.8 - Reflected Cross-Site Scripting via configuracao_doacao.php avulso Parameter
CVSS 6.5
CVE-2025-22599
MEDIUM
WeGIA < 3.2.8 - Reflected Cross-Site Scripting via home.php msg_c Parameter
CVSS 6.5
CVE-2025-22598
HIGH
WeGIA < 3.2.8 - Stored Cross-Site Scripting via cadastrarSocio.php local_recepcao Parameter
CVSS 8.3
CVE-2025-22597
HIGH
WeGIA < 3.2.8 - Stored Cross-Site Scripting via CobrancaController.php local_recepcao Parameter
CVSS 8.3
CVE-2025-22596
MEDIUM
WeGIA < 3.2.8 - Reflected Cross-Site Scripting via modulos_visiveis.php msg_c Parameter
CVSS 6.5
CVE-2025-0311
MEDIUM
Orbit Fox by ThemeIsle <2.10.43 - XSS
CVSS 6.4
Details
Vulnerabilities
45,293
Exploit Likelihood
High