CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,968 vulnerabilities with CWE-79
CVE-2025-70960 MEDIUM
Tendenci CMS 15.3.7 - Stored Cross-Site Scripting in Forums Module
CVSS 5.4
CVE-2025-70959 MEDIUM
Tendenci CMS 15.3.7 - Stored Cross-Site Scripting in Jobs Module
CVSS 5.4
CVE-2025-70958 MEDIUM
Subrion CMS 4.2.1 - Reflected Cross-Site Scripting via Installation Module Parameters
CVSS 6.1
CVE-2025-6596 NONE
Wikimedia Foundation Vector <1.42.7-1.44.0 - XSS
CVE-2025-6595 MEDIUM
Wikimedia Foundation MultimediaViewer <1.39.13-1.44.0 - XSS
CVSS 4.7
CVE-2025-6594 MEDIUM
MediaWiki 1.27.0-1.39.12, 1.42.7, 1.43.2, 1.44.0 - Cross-Site Scripting in ApiSandbox
CVSS 4.7
CVE-2025-6591 NONE
MediaWiki <1.39.13, 1.42.7, 1.43.2, 1.44.0 - Info Disclosure
CVSS 4.7
CVE-2025-36436 MEDIUM
IBM Cloud Pak for Business Automation <25.0.0-24.0.1 - XSS
CVSS 6.4
CVE-2025-15396 HIGH
Library Viewer < 3.2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-14554 HIGH
Sell BTC - Cryptocurrency Selling Calculator <1.5 - XSS
CVSS 7.2
CVE-2025-9226 MEDIUM
Zohocorp ManageEngine <128582 - XSS
CVSS 4.6
CVE-2025-15549 MEDIUM
FluentCMS < 0.0.5 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 4.8
CVE-2025-69749 MEDIUM
tale 2.0.5 - Cross-Site Scripting
CVSS 6.1
CVE-2025-7713 HIGH
Global Interactive Design Media Software CMS <21072025 - XSS
CVSS 7.5
CVE-2025-13983 MEDIUM
Drupal Tagify < 1.2.44 - Cross-Site Scripting
CVSS 5.4
CVE-2025-13981 MEDIUM
Drupal AI (Artificial Intelligence) < 1.0.7, 1.1.0-1.1.7, 1.2.0-1.2.4 - Cross-Site Scripting
CVSS 4.4
CVE-2025-13979 MEDIUM
Drupal Mini site < 3.0.2 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-67723 MEDIUM
Discourse < 3.5.4 - Cross-Site Scripting in Math Plugin KaTeX Variant
CVSS 4.6
CVE-2025-70336 MEDIUM
PodcastGenerator 3.2.9 - Stored Cross-Site Scripting via Live Item Title and Description Parameters
CVSS 4.8
CVE-2025-14865 MEDIUM
Passster - Password Protect Pages and Content <4.2.24 - XSS
CVSS 6.4
CVE-2025-59900 MEDIUM
Flexense Diskpulse - XSS
CVSS 5.4
CVE-2025-59899 MEDIUM
Flexense Diskpulse - XSS
CVSS 5.4
CVE-2025-59898 MEDIUM
Flexense Diskpulse - XSS
CVSS 5.4
CVE-2025-59897 MEDIUM
Flexense Diskpulse - XSS
CVSS 5.4
CVE-2025-59896 MEDIUM
Flexense Diskpulse - XSS
CVSS 5.4
Details
Vulnerabilities 44,968
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits