CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,966 vulnerabilities with CWE-79
CVE-2025-15636 (MEDIUM, CVSS 6.5): WordPress YouTube Showcase plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-40899 (HIGH, CVSS 8.9): Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0
CVE-2025-65136 (MEDIUM, CVSS 6.1): School-management-system 1.0 - Reflected Cross-Site Scripting via pagedes POST Parameter
CVE-2025-65134 (MEDIUM, CVSS 6.1): School-management-system 1.0 - Reflected Cross-Site Scripting via Email POST Parameter
CVE-2025-65132 (MEDIUM, CVSS 6.1): hotel-management-php 1.0 - Cross-Site Scripting via room_id GET Parameter
CVE-2025-61886 (MEDIUM, CVSS 5.4): FortiSandbox 5.0.0-5.0.4 and FortiSandbox PaaS 5.0.0-5.0.4 - Cross-Site Scripting via Crafted HTTP Requests
CVE-2025-69993 (MEDIUM, CVSS 6.1): Leaflet <= 1.9.4 - Cross-Site Scripting via bindPopup() Method
CVE-2025-70936 (MEDIUM, CVSS 5.4): Vtiger CRM 8.4.0 - Reflected Cross-Site Scripting in MailManager Module via _folder Parameter
CVE-2025-63743 (MEDIUM, CVSS 5.4): Snipe-IT 8.3.0-8.3.1 - Authenticated Stored Cross-Site Scripting via Name and Surname Fields
CVE-2025-15632 (LOW, CVSS 3.5): 1Panel-dev MaxKB MdPreview chat.ts cross site scripting
CVE-2025-58920 (HIGH, CVSS 7.1): WordPress Cerato theme <= 2.2.18 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-70797 (MEDIUM, CVSS 6.1): LimeSurvey 6.15.20+251021 - Cross-Site Scripting via Box Title and URL Parameters
CVE-2025-63238 (MEDIUM, CVSS 6.1): LimeSurvey < 6.15.12 - Reflected Cross-Site Scripting via gid Parameter in getInstance()
CVE-2025-70365 (MEDIUM, CVSS 5.4): Kiamo < 8.4 - Authenticated Stored Cross-Site Scripting in Administrative Interfaces
CVE-2025-45806 (MEDIUM, CVSS 6.1): rrweb-snapshot <2.0.0-alpha.18 - XSS
CVE-2025-1794 (MEDIUM, CVSS 5.4): AM LottiePlayer <= 3.6.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG
CVE-2025-15064 (MEDIUM, CVSS 6.4): Ultimate Member <= 2.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via DOM Gadgets
CVE-2025-13368 (MEDIUM, CVSS 6.4): Xpro Addons — 140+ Widgets for Elementor <= 1.4.20 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-66484 (MEDIUM, CVSS 5.5): IBM Aspera Shares 1.9.9-1.11.0 - Stored Cross-Site Scripting
CVE-2025-13535 (MEDIUM, CVSS 6.4): King Addons for Elementor <= 51.1.38 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Widgets
CVE-2025-62184 (LOW, CVSS 3.4): Pega Platform 8.1.0 to 25.1.0 - UI Stored Cross-Site Scripting
CVE-2025-41357 (MEDIUM, CVSS 6.1): Reflected Cross-Site Scripting on Anon Proxy Server
CVE-2025-41356 (MEDIUM, CVSS 6.1): Reflected Cross-Site Scripting in Anon Proxy Server
CVE-2025-41355 (MEDIUM, CVSS 6.1): Reflected Cross-Site Scripting on Anon Proxy Server
CVE-2025-10553 (HIGH, CVSS 8.7): DELMIA Factory Resource Manager R2023x-R2025x - Stored XSS