CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,966 vulnerabilities with CWE-79
CVE-2025-33135 MEDIUM
IBM Financial Transaction Manager 3.0.0.0-3.0.5.4 - XSS
CVSS 6.1
CVE-2025-70846 HIGH
aidigu 1.9.1 - Stored Cross-Site Scripting via Password Input Field
CVSS 7.1
CVE-2025-36019 MEDIUM
IBM Concert 1.0.0-2.1.0 - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-8303 MEDIUM
Real Estate Script V5 (With Doping Module - Store Module - New Language System) <= 17022026 - Cross-Site Scripting
CVSS 6.5
CVE-2025-65717 MEDIUM
Visual Studio Code Extensions Live Server <5.7.9 - Info Disclosure
CVSS 4.3
CVE-2025-59905 MEDIUM
Kubysoft - Reflected Cross-Site Scripting via /node/kudaby/nodeFN/procedure Endpoint
CVSS 6.1
CVE-2025-59904 MEDIUM
Kubysoft - Stored Cross-Site Scripting via /kForms/app Endpoint Parameters
CVSS 5.4
CVE-2025-59903 MEDIUM
Kubysoft - Stored Cross-Site Scripting via SVG Image Upload
CVSS 5.4
CVE-2025-15483 MEDIUM
Link Hopper <= 2.5 - Authenticated Stored Cross-Site Scripting via hop_name Parameter
CVSS 4.4
CVE-2025-70095 MEDIUM
OpenSourcePOS 3.4.1 - Cross-Site Scripting in Item Management and Sales Invoice Function
CVSS 6.5
CVE-2025-70094 MEDIUM
OpenSourcePOS 3.4.1 - Stored Cross-Site Scripting via Item Category Parameter
CVSS 6.5
CVE-2025-70091 MEDIUM
OpenSourcePOS 3.4.1 - Stored Cross-Site Scripting via Customer Phone Number Parameter
CVSS 6.5
CVE-2025-70092 MEDIUM
OpenSourcePOS 3.4.1 - Stored Cross-Site Scripting via Item Name Parameter
CVSS 5.5
CVE-2025-70845 MEDIUM
aidigu 1.9.1 - Stored Cross-Site Scripting in Setting Page Intro Field
CVSS 6.1
CVE-2025-13002 HIGH
Farktor Software E-Commerce Services Inc. E-Commerce Package <2.711...
CVSS 8.2
CVE-2025-41117 MEDIUM
Grafana 12.2.0-12.2.4 - Stored Cross-Site Scripting in Explore Traces View
CVSS 6.8
CVE-2025-70297 MEDIUM
Mealie 3.3.1-3.5.9 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2025-8668 CRITICAL
Turboard 2025.07-2026.02 - Reflected Cross-Site Scripting
CVSS 9.4
CVE-2025-14560 HIGH
GitLab CE/EE <18.6.6-18.8.4 - Privilege Escalation
CVSS 7.3
CVE-2025-15440 HIGH
iONE360 WordPress Configurator <2.0.57 - XSS
CVSS 7.2
CVE-2025-13650 MEDIUM
ZeusWeb 6.1.31 - Stored Cross-Site Scripting via Surname Parameter in Create Account
CVSS 6.1
CVE-2025-13649 MEDIUM
ZeusWeb 6.1.31 - Stored Cross-Site Scripting via Recover Password Email Parameter
CVSS 6.1
CVE-2025-13648 MEDIUM
ZeusWeb 6.1.31 - Authenticated Stored Cross-Site Scripting via Name and Surname Parameters
CVSS 6.1
CVE-2025-10913 HIGH
Saastech Cleaning and Internet Services Inc. TemizlikYolda - XSS
CVSS 8.3
CVE-2025-52436 HIGH
FortiSandbox 4.0.0-4.4.7, 5.0.0-5.0.1 - Unauthenticated Cross-Site Scripting
CVSS 8.8