CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,966 vulnerabilities with CWE-79
CVE-2025-11004
HIGH
Simplicity Device Manager Tool - XSS
CVE-2025-40587
HIGH
Polarion <V2404.5, V2410.<V2410.2 - XSS
CVSS 7.6
CVE-2025-63354
MEDIUM
Hitron HI3120 v7.2.4.5.2b1 - Stored Cross-Site Scripting via Parental Control Filter
CVSS 4.8
CVE-2025-7799
HIGH
Zirve Information Technologies Inc. E-Taxpayer Accounting Website <...
CVSS 8.6
CVE-2025-15267
MEDIUM
Bold Page Builder <= 5.5.7 - Authenticated Stored Cross-Site Scripting via bt_bb_accordion_item Shortcode
CVSS 6.4
CVE-2025-13463
MEDIUM
Bold Page Builder <= 5.5.3 - Authenticated Stored Cross-Site Scripting in Post Grid Component
CVSS 6.4
CVE-2025-12159
MEDIUM
Bold Page Builder <= 5.4.8 - Authenticated Stored Cross-Site Scripting via bt_bb_raw_content Shortcode
CVSS 6.4
CVE-2025-13523
HIGH
Mattermost Confluence Plugin < 1.7.0 - Authenticated Stored Cross-Site Scripting via OAuth2 Connection Link
CVSS 7.7
CVE-2025-70792
MEDIUM
Microweber < 2.0.20 - Stored Cross-Site Scripting via Admin Category Create Endpoint
CVSS 6.1
CVE-2025-70791
MEDIUM
Microweber < 2.0.20 - Stored Cross-Site Scripting via Order Direction Parameter
CVSS 6.1
CVE-2025-68723
CRITICAL
Axigen Mail Server 10.3.0-10.5.57 - Stored Cross-Site Scripting in WebAdmin Interface
CVSS 9.0
CVE-2025-68643
MEDIUM
Axigen Mail Server 10.3.0-10.5.57 - Stored Cross-Site Scripting via timeFormat Account Preference
CVSS 5.4
CVE-2025-70545
MEDIUM
Belden PPC 2K05X Firmware v1.1.9_206L - Unauthenticated Stored Cross-Site Scripting in CGI Component
CVSS 6.1
CVE-2025-41085
MEDIUM
Apidog Web Platform 2.7.15 - Stored Cross-Site Scripting via SVG Image Upload
CVE-2025-36033
MEDIUM
IBM Engineering Lifecycle Management - XSS
CVSS 5.4
CVE-2025-71179
MEDIUM
Creativeitem Academy LMS 7.0 - Reflected Cross-Site Scripting via Search Parameter
CVSS 6.1
CVE-2025-70849
MEDIUM
stefanprodan/podinfo < 6.9.0 - Unauthenticated Arbitrary File Upload and Stored Cross-Site Scripting via /store Endpoint
CVSS 6.1
CVE-2025-69848
MEDIUM
NetBox 2.11.0-3.7.x - Reflected Cross-Site Scripting in ProtectedError Handling
CVSS 5.4
CVE-2025-65923
MEDIUM
ERPNext < 15.88.1 - Stored Cross-Site Scripting via CSV Import Update Existing Records
CVSS 5.4
CVE-2025-7760
HIGH
Ofisimo Web-Based Software Technologies Association Web Package Flo...
CVSS 7.6
CVE-2025-6397
HIGH
Ankara Hosting Website Design Website Software - XSS
CVSS 8.6
CVE-2025-67855
MEDIUM
Moodle < 4.1.22 - Reflected Cross-Site Scripting via Policy Tool Return URL
CVSS 5.4
CVE-2025-67850
HIGH
Moodle < 4.1.22 - Stored Cross-Site Scripting in Formula Editor Arithmetic Expression Fields
CVSS 7.3
CVE-2025-67849
HIGH
Moodle 4.5.0-4.5.7 and <4.1.22 - Stored Cross-Site Scripting via AI Prompt Response
CVSS 7.3
CVE-2025-59902
HIGH
NICE Chat - HTML Injection via First Name and Last Name Parameters
Details
Vulnerabilities: 44,966
Exploit Likelihood: High