CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,966 vulnerabilities with CWE-79
CVE-2025-10551
HIGH
ENOVIA Collaborative Industry Innovator R2023x-R2025x - Stored XSS in Document Management
CVSS 8.7
CVE-2025-61190
MEDIUM
DSpace JSPUI 6.5 - Reflected Cross-Site Scripting via Search Filter Parameter
CVSS 6.1
CVE-2025-41027
MEDIUM
GDTaller app_recuperarclave.php site Parameter - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-41026
MEDIUM
GDTaller app_login.php site Parameter - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-69096
HIGH
WordPress Zorka theme <= 1.5.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2025-40842
MEDIUM
Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability
CVSS 6.1
CVE-2025-60948
MEDIUM
Census CSWeb 8.0.1 - Authenticated Stored Cross-Site Scripting in User Supplied Fields
CVSS 4.6
CVE-2025-52204
MEDIUM
Znuny::ITSM 6.5.x - Cross-Site Scripting via OTRSCustomerInterface Parameter
CVSS 6.1
CVE-2025-6229
MEDIUM
Sina Extension for Elementor < 3.7.0 - Authenticated Stored Cross-Site Scripting via Fancy Text and Countdown Widgets
CVSS 6.4
CVE-2025-71276
MEDIUM
SOGo < 5.12.5 - Stored Cross-Site Scripting in Events, Tasks, and Contacts Categories
CVSS 6.4
CVE-2025-13910
MEDIUM
WP-WebAuthn <= 1.3.4 - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-63260
MEDIUM
SyncFusion 30.1.37 - Stored Cross-Site Scripting via Document-Editor Comment and Chat-UI Message
CVSS 5.4
CVE-2025-68836
HIGH
WordPress Table of Contents Creator plugin <= 1.6.4.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2025-67618
HIGH
WordPress Brookside theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2025-62043
MEDIUM
WordPress WPCasa plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2025-53222
HIGH
WordPress tagDiv Opt-In Builder plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2025-50001
HIGH
WordPress tagDiv Composer plugin <= 5.4.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2025-15051
MEDIUM
IBM QRadar SIEM Cross-Site Scripting
CVSS 5.4
CVE-2025-12518
MEDIUM
Befree SDK < 3.47.0 - Stored Cross-Site Scripting via Social Media Icon URL Parameter
CVE-2025-15363
MEDIUM
Get Use APIs WordPress Plugin <2.0.10 - Contributor Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-62320
MEDIUM
HTML Injection Leading to Data Exfiltration to External Server vulnerability affects HCL Unica Platform
CVSS 4.7
CVE-2025-65734
MEDIUM
gunet Open eClass 3.11 - Authenticated RCE
CVSS 5.4
CVE-2025-57543
MEDIUM
NetBox 4.3.5 - Stored Cross-Site Scripting in Comment Field
CVSS 6.1
CVE-2025-2274
MEDIUM
Stored Cross Site Scripting in Forcepoint Web Security
CVSS 6.1
CVE-2025-69245
MEDIUM
Reflected XSS in Raytha CMS
CVSS 6.1
Details
Vulnerabilities
44,966
Exploit Likelihood
High