CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,966 vulnerabilities with CWE-79
CVE-2025-66024
CRITICAL
XWiki Blog Application < 9.15.7 - Stored Cross-Site Scripting via Blog Post Title
CVSS 9.0
CVE-2025-40895
MEDIUM
Nozomi Networks CMC < 25.6.0 - Authenticated Stored HTML Injection in Sensor Map
CVSS 4.8
CVE-2025-40894
MEDIUM
Nozomi Networks CMC and Guardian < 25.6.0 - Authenticated Stored HTML Injection in Alerted Nodes Dashboard
CVSS 4.4
CVE-2025-15599
MEDIUM
DOMPurify 3.1.3-3.2.6/2.5.3-2.5.8 - XSS
CVSS 6.1
CVE-2025-66880
MEDIUM
Wethink 720yun pano-sdk 0.5.877 - XSS
CVSS 6.1
CVE-2025-52563
MEDIUM
Chamilo LMS < 1.11.30 - Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2025-52476
MEDIUM
Chamilo < 1.11.30 - Reflected Cross-Site Scripting via keyword_active Parameter
CVSS 6.1
CVE-2025-52475
MEDIUM
Chamilo LMS < 1.11.30 - Reflected Cross-Site Scripting via keyword_inactive Parameter
CVSS 6.1
CVE-2025-52470
MEDIUM
Chamilo LMS < 1.11.30 - Stored Cross-Site Scripting via Category Name Field
CVSS 4.8
CVE-2025-52468
HIGH
Chamilo LMS < 1.11.30 - Stored Cross-Site Scripting via CSV User Import
CVSS 8.8
CVE-2025-65465
MEDIUM
Skrol29 TbsZip <= 2.17 - Reflected Cross-Site Scripting via Filename Parameter
CVSS 6.1
CVE-2025-52482
HIGH
Chamilo LMS < 1.11.30 - Authenticated Stored Cross-Site Scripting in Glossary Function
CVSS 8.3
CVE-2025-50186
MEDIUM
Chamilo LMS < 1.11.30 - Stored Cross-Site Scripting via CSV Filename
CVSS 4.8
CVE-2025-69437
HIGH
PublicCMS <=5.202506.d - Stored XSS
CVSS 8.7
CVE-2025-11950
MEDIUM
EduAsist < 27022026 - Reflected Cross-Site Scripting
CVSS 6.3
CVE-2025-14142
MEDIUM
Electric Enquiries WordPress Plugin <1.1 - XSS
CVSS 6.4
CVE-2025-14149
MEDIUM
Xpro Addons for Elementor <=1.4.24 - XSS
CVSS 6.4
CVE-2025-14040
MEDIUM
Automotive Car Dealership Theme <=13.4 - XSS
CVSS 6.4
CVE-2025-56605
MEDIUM
PuneethReddyHC Event Management System 1.0 - Reflected Cross-Site Scripting via Mobile Parameter
CVSS 5.4
CVE-2025-14343
HIGH
Dokuzsoft E-Commerce Product <10122025 - XSS
CVSS 7.6
CVE-2025-64999
MEDIUM
Checkmk 2.4.0-2.4.0p21/2.3.0-2.3.0p42 - XSS
CVSS 5.4
CVE-2025-69231
HIGH
OpenEMR < 8.0.0 - Authenticated Stored Cross-Site Scripting in GAD-7 Anxiety Assessment Form
CVSS 8.7
CVE-2025-67491
MEDIUM
OpenEMR 5.0.0.5-7.0.3.4 - Stored Cross-Site Scripting in Billing UB04 Helper
CVSS 5.4
CVE-2025-46320
MEDIUM
Claris FileMaker Server < 21.1.7 - Cross-Site Scripting in WebDirect Custom Homepage
CVSS 6.1
CVE-2025-40986
MEDIUM
PideTuCita - Reflected Cross-Site Scripting via Cookies Endpoint
Details
Vulnerabilities: 44,966
Exploit Likelihood: High