CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,966 vulnerabilities with CWE-79
CVE-2025-61311 HIGH
GmbH Mecury Managed Print Services 11.11c - XSS
CVSS 7.3
CVE-2025-61310 MEDIUM
GmbH Mecury Managed Print Services 11.11c - XSS
CVSS 6.1
CVE-2025-61309 MEDIUM
GmbH Mecury Managed Print Services (docuForm) 11.11c - Reflected Cross-Site Scripting in dfm-menu_departments.php
CVSS 6.1
CVE-2025-61308 MEDIUM
GmbH Mecury Managed Print Services 11.11c - XSS
CVSS 6.1
CVE-2025-61307 MEDIUM
GmbH Mecury Managed Print Services 11.11c - XSS
CVSS 6.1
CVE-2025-61306 MEDIUM
GmbH Mecury Managed Print Services 11.11c - XSS
CVSS 6.1
CVE-2025-61305 MEDIUM
GmbH Mecury Managed Print Services 11.11c - XSS
CVSS 6.1
CVE-2025-67202 MEDIUM
sidekiq-cron < 2.4.0 - Cross-Site Scripting via cron.erb URL Rendering
CVSS 6.1
CVE-2025-62127 MEDIUM
WordPress WEN Logo Slider plugin <= 3.4.0 - Cross Site Scripting (XSS) vulnerability
CVSS 5.9
CVE-2025-59854 LOW
HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability
CVSS 3.1
CVE-2025-31970 MEDIUM
HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability
CVSS 5.3
CVE-2025-52206 MEDIUM
ISPConfig 3.3.0 - Cross-Site Scripting via System Status Webpage
CVSS 4.7
CVE-2025-14320 CRITICAL
XSS in Tegsoft's Online Support Application
CVSS 9.8
CVE-2025-69606 MEDIUM
GSVoIP 2.0.90 - Cross-Site Scripting via msg Parameter in /painel/gateways.php/error Endpoint
CVSS 6.1
CVE-2025-56537 MEDIUM
OpenNebula < 7.0.0 - Stored Cross-Site Scripting via Virtual Network Template Parameter
CVSS 6.1
CVE-2025-56536 MEDIUM
opennebula < 7.0.0 - Stored Cross-Site Scripting via User Information Parameter
CVSS 6.1
CVE-2025-56535 MEDIUM
OpenNebula < 7.0.0 - Cross-Site Scripting via Zone Attribute Parameter
CVSS 6.1
CVE-2025-56534 MEDIUM
opennebula < 7.0.0 - Cross-Site Scripting via Custom Authenticator Driver
CVSS 6.1
CVE-2025-10503 MEDIUM
Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 Identity Server
CVSS 6.1
CVE-2025-61872 MEDIUM
Mahara < 25.04.2 and 24.04.11 - Cross-Site Scripting via Elasticsearch7 Query Parameter
CVSS 6.1
CVE-2025-62110 MEDIUM
WordPress Rescue Shortcodes plugin <= 3.3 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2025-41011 MEDIUM
HTML injection in PHP Point Of Sale
CVSS 6.1
CVE-2025-10354 MEDIUM
Reflected Cross-Site Scripting (XSS) in Semantic MediaWiki
CVE-2025-6024 MEDIUM
Cross-Site Scripting via Authentication Endpoint in Multiple WSO2 Products Allows Redirection to Malicious Websites
CVSS 6.1
CVE-2025-13364 MEDIUM
WP Maps <= 4.8.7 - Authenticated Stored XSS via 'put_wpgm' Shortcode
CVSS 6.4
Details
Vulnerabilities 44,966
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits