Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 43129 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-48349 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in origincode Video Gallery – Vimeo and YouTube Gallery smart-grid-gallery allows Stored XSS.This issue affects Video Gallery – Vimeo and YouTube Gallery: from n/a through <= 1.1.7.
CVE-2025-48347 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vincent Mimoun-Prat bxSlider integration for WordPress bxslider-integration allows Stored XSS.This issue affects bxSlider integration for WordPress: from n/a through <= 1.7.2.
CVE-2025-48345 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arisoft Contact Form 7 Editor Button cf7-editor-button allows Reflected XSS.This issue affects Contact Form 7 Editor Button: from n/a through <= 1.0.0.
CVE-2025-48341 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Maker by 10Web form-maker allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through <= 1.15.33.
CVE-2025-48333 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPQuark eForm - WordPress Form Builder wp-fsqm-pro allows Reflected XSS.This issue affects eForm - WordPress Form Builder: from n/a through < 4.19.1.
CVE-2025-48329 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daman Jeet Real Time Validation for Gravity Forms real-time-validation-for-gravity-forms allows Reflected XSS.This issue affects Real Time Validation for Gravity Forms: from n/a through <= 1.7.0.
CVE-2025-48324 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in khashabawy tli.tl auto Twitter poster tlitl-auto-twitter-poster allows Stored XSS.This issue affects tli.tl auto Twitter poster: from n/a through <= 3.4.
CVE-2025-48323 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md Abunaser Khan Advance Food Menu advance-food-menu allows Stored XSS.This issue affects Advance Food Menu: from n/a through <= 1.0.
CVE-2025-48322 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Finn Dohrn Statify Widget statify-widget allows Stored XSS.This issue affects Statify Widget: from n/a through <= 1.4.6.
CVE-2025-48319 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gslauraspeck Mesa Mesa Reservation Widget mesa-mesa-reservation-widget allows Stored XSS.This issue affects Mesa Mesa Reservation Widget: from n/a through <= 1.0.0.
CVE-2025-48316 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ItayXD Responsive Mobile-Friendly Tooltip responsive-mobile-friendly-tooltip allows Stored XSS.This issue affects Responsive Mobile-Friendly Tooltip: from n/a through <= 1.6.6.
CVE-2025-48315 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stanton119 WordPress HTML custom-html-bodyhead allows Stored XSS.This issue affects WordPress HTML: from n/a through <= 0.51.
CVE-2025-48314 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salubrio Add Code To Head add-code-to-head allows Stored XSS.This issue affects Add Code To Head: from n/a through <= 1.17.
CVE-2025-48313 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kevin heath Tripadvisor Shortcode tripadvisor-shortcode allows Stored XSS.This issue affects Tripadvisor Shortcode: from n/a through <= 2.2.
CVE-2025-48312 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 文派翻译(WP Chinese Translation) WPAvatar wpavatar allows Stored XSS.This issue affects WPAvatar: from n/a through <= 1.9.4.
CVE-2025-48305 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vikingjs Goal Tracker for Patreon goal-tracker-for-patreon allows Stored XSS.This issue affects Goal Tracker for Patreon: from n/a through <= 0.4.6.
CVE-2025-48297 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Reflected XSS.This issue affects Simple Link Directory: from n/a through < 14.8.1.
CVE-2025-48296 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup UpStore upstore allows Reflected XSS.This issue affects UpStore: from n/a through <= 1.7.0.
CVE-2025-48295 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows Stored XSS.This issue affects Easy Elementor Addons: from n/a through <= 2.2.5.
CVE-2025-48291 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through <= 26.0.6.