CWE-79 Weakness

Filtered by CWE-79

Total 38585 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-33844	1 Ibm	1 Security Verify Governance	2025-08-16	5.4 Medium
IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-54704	3 Elementor, Hashthemes, Wordpress	3 Elementor, Easy Elementor Addons, Wordpress	2025-08-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Easy Elementor Addons allows DOM-Based XSS. This issue affects Easy Elementor Addons: from n/a through 2.2.6.
CVE-2025-54699	2 Masteriyo, Wordpress	2 Masteriyo, Wordpress	2025-08-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in masteriyo Masteriyo - LMS allows Stored XSS. This issue affects Masteriyo - LMS: from n/a through 1.18.3.
CVE-2025-49038	2 Soflyy, Wordpress	2 Wp Dynamic Links, Wordpress	2025-08-16	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Dynamic Links allows Reflected XSS. This issue affects WP Dynamic Links: from n/a through 1.0.1.
CVE-2025-47610	3 Wetail, Woocommerce, Wordpress	3 Woocommerce Fortnox Integration, Woocommerce, Wordpress	2025-08-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wetail WooCommerce Fortnox Integration allows Stored XSS. This issue affects WooCommerce Fortnox Integration: from n/a through 4.5.6.
CVE-2025-28999	3 Woocommerce, Wordpress, Zoomit	3 Woocommerce, Wordpress, Woocommerce Shop Page Builder	2025-08-16	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7.
CVE-2025-54696	2 Getwpfunnels, Wordpress	2 Wpfunnels, Wordpress	2025-08-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels allows Stored XSS. This issue affects WPFunnels: from n/a through 3.5.26.
CVE-2025-54684	2 Crmperks, Wordpress	2 Integration For Contact Form 7 And Constant Contact, Wordpress	2025-08-16	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks Integration for Contact Form 7 and Constant Contact allows Stored XSS. This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through 1.1.7.
CVE-2025-54687	2 Crocoblock, Wordpress	2 Jettabs, Wordpress	2025-08-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs allows DOM-Based XSS. This issue affects JetTabs: from n/a through 2.2.9.1.
CVE-2025-54668	2 Mycred, Wordpress	2 Mycred, Wordpress	2025-08-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred allows Stored XSS. This issue affects myCred: from n/a through 2.9.4.3.
CVE-2025-30626	3 Lambertgroup, Wordpress, Wpbakery	4 Multimedia Playlist Slider Addon For Wpbakery Page Builder, Wordpress, Page Builder and 1 more	2025-08-16	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder allows Reflected XSS. This issue affects Multimedia Playlist Slider Addon for WPBakery Page Builder: from n/a through 2.1.
CVE-2025-7761	1 Lepszybip	1 Lepszybip	2025-08-16	N/A
Lepszy BIP is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in index.php form in one of the parameters allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. The vendor was contacted early about this disclosure but did not respond in any way. Potentially all versions are vulnerable.
CVE-2025-52730	2 Themefunction, Wordpress	2 Wordpress Event Manager Event Calendar And Booking Plugin, Wordpress	2025-08-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Stored XSS. This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through 4.0.24.
CVE-2025-28975	2 Redqteam, Wordpress	2 Alike Wordpress Custom Post Comparison, Wordpress	2025-08-16	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison allows Reflected XSS. This issue affects Alike - WordPress Custom Post Comparison: from n/a through 3.0.1.
CVE-2025-53575	3 Primersoftware, Woocommerce, Wordpress	3 Primer Mydata For Woocommerce, Woocommerce, Wordpress	2025-08-16	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce allows Reflected XSS. This issue affects Primer MyData for Woocommerce: from n/a through 4.2.5.
CVE-2025-55709	2 Visualcomposer, Wordpress	2 Visual Composer Website Builder, Wordpress	2025-08-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through n/a.
CVE-2025-54729	2 Webba-booking, Wordpress	2 Webba Booking, Wordpress	2025-08-16	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webba Appointment Booking Webba Booking allows Stored XSS. This issue affects Webba Booking: from n/a through 6.0.5.
CVE-2025-54727	2 Cminds, Wordpress	3 Cm On Demand Search And Replace, Cm Search And Replace, Wordpress	2025-08-16	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM On Demand Search And Replace allows Stored XSS. This issue affects CM On Demand Search And Replace: from n/a through 1.5.2.
CVE-2024-37945	2 Wordpress, Wpbits	2 Wordpress, Wpbits Addons For Elementor Page Builder	2025-08-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.5.
CVE-2025-55711	2 Wordpress, Wptablebuilder	2 Wordpress, Wp Table Builder	2025-08-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder allows Stored XSS. This issue affects WP Table Builder: from n/a through 2.0.12.

« first previous Page 51 of 1930. next last »