CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,293 vulnerabilities with CWE-79
CVE-2025-22320
HIGH
ProductDyno <= 1.0.24 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22316
MEDIUM
WPBITS Addons For Elementor Page Builder <1.5.1 - XSS
CVSS 5.9
CVE-2025-22315
MEDIUM
WPDeveloper Typing Text <1.2.7 - XSS
CVSS 6.5
CVE-2025-22312
MEDIUM
ThimPress Thim Elementor Kit <1.2.8 - XSS
CVSS 6.5
CVE-2025-22310
MEDIUM
TemplatesNext ToolKit <= 3.2.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22309
MEDIUM
SpeakOut! Email Petitions <4.4.2 - XSS
CVSS 6.5
CVE-2025-22308
MEDIUM
inc2734 Smart Custom Fields <5.0.0 - XSS
CVSS 6.5
CVE-2025-22293
MEDIUM
Gutentor <= 3.4.3 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-22261
MEDIUM
Pixelite WP FullCalendar <1.5 - XSS
CVSS 6.5
CVE-2025-21616
MEDIUM
Plane < 0.23.0 - Authenticated Stored Cross-Site Scripting via SVG Profile Image Upload
CVSS 5.4
CVE-2025-21612
HIGH
TabberNeue 1.9.1-2.7.1 - Cross-Site Scripting in TabberTransclude.php
CVSS 8.6
CVE-2025-0228
LOW
Code-projects Local Storage Todo App 1.0 - XSS
CVSS 2.4
CVE-2025-0220
LOW
Trimble SPS851 488.01 - Cross-Site Scripting via Hostname Argument
CVSS 2.4
CVE-2025-0219
LOW
Trimble SPS851 488.01 - Cross-Site Scripting via System Name Argument
CVSS 2.4
CVE-2025-22388
MEDIUM
Optimizely CMS < 12.22.0 - Stored Cross-Site Scripting in Content Editing and Link Management
CVSS 5.7
CVE-2025-22383
MEDIUM
Optimizely Configured Commerce < 5.2.2408 - Cross-Site Scripting in Contact Us Functionality
CVSS 4.6
CVE-2025-21610
MEDIUM
Trix < 2.1.12 - Cross-Site Scripting via Malicious Link Field Paste
CVSS 5.3
CVE-2025-0175
LOW
code-projects Online Shop 1.0 - XSS
CVSS 3.5
CVE-2024-49269
HIGH
WordPress my flatonica theme <= 0.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2024-30476
MEDIUM
Dell PowerStore - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 5.4
CVE-2024-47097
MEDIUM
Reflected Cross-Site Scripting in Follet School Solutions Destiny
CVE-2024-47096
MEDIUM
Reflected Cross-Site Scripting in Follet School Solutions Destiny
CVE-2024-33724
MEDIUM
SOPlanning 1.52.00 - Cross-Site Scripting via groupe_id Parameter
CVSS 5.4
CVE-2024-13362
MEDIUM
Freemius SDK <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting
CVSS 6.1
CVE-2024-58344
MEDIUM
Carbon Forum 5.9.0 Persistent XSS via Forum Name Field
CVSS 6.4
Details
Vulnerabilities
45,293
Exploit Likelihood
High