CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,968 vulnerabilities with CWE-79
CVE-2025-46270
MEDIUM
MedDream PACS Premium 7.3.6.870 - XSS
CVSS 6.1
CVE-2025-44000
MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting via sendOruReport
CVSS 6.1
CVE-2025-36556
MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting via LDAP User Functionality
CVSS 6.1
CVE-2025-15380
HIGH
NotificationX < 3.2.0 - Unauthenticated DOM-Based Cross-Site Scripting via nx-preview POST Parameter
CVSS 7.2
CVE-2025-41081
MEDIUM
IsMyGym - Reflected Cross-Site Scripting via Malicious URL Path
CVE-2025-41025
MEDIUM
Poultry Farm Management System 1.0 - Stored Cross-Site Scripting via category and product Parameters
CVSS 5.4
CVE-2025-41024
MEDIUM
Poultry Farm Management System 1.0 - Stored Cross-Site Scripting via Farm Profile Parameters
CVSS 5.4
CVE-2025-40679
MEDIUM
Bdtask Isshue - Cross-Site Scripting via Product Name Parameter
CVE-2025-40644
MEDIUM
Riftzilla QRGen - Reflected Cross-Site Scripting via 'id' Parameter in /article.php
CVE-2025-41084
MEDIUM
Sesame - Stored Cross-Site Scripting via SVG Logo Upload
CVE-2025-41768
MEDIUM
TwinCAT.HMI.Server < 14.4.267 - Stored Cross-Site Scripting via Custom CSS Field
CVSS 5.5
CVE-2025-66523
MEDIUM
na1.foxitesign.foxit.com <2026-01-16 - XSS
CVSS 6.1
CVE-2025-8615
MEDIUM
CubeWP Framework <= 1.1.26 - Authenticated Stored Cross-Site Scripting via cubewp_shortcode_taxonomy Shortcode
CVSS 6.4
CVE-2025-56451
MEDIUM
Seeyon A8+ Collaborative Management Software 7.0 - Cross-Site Scripting via topValue Parameter
CVSS 6.1
CVE-2025-31510
HIGH
LemonLDAP::NG < 2.16.5 and 2.17.0-2.21.0 - Cross-Site Scripting via Tab Parameter
CVSS 7.2
CVE-2025-14375
MEDIUM
RSS Aggregator <= 5.0.10 - Unauthenticated Reflected XSS via className Parameter
CVSS 6.1
CVE-2025-67823
HIGH
Mitel MiContact Center Business < 10.2.0.11 and CX < 2.0 - Unauthenticated XSS in Multimedia Email
CVSS 8.2
CVE-2025-70891
MEDIUM
Phpgurukul Cyber Cafe Management System 1.0 - Stored XSS via User Management uadd Parameter
CVSS 6.1
CVE-2025-70890
MEDIUM
Cyber Cafe Management System 1.0 - Authenticated Stored Cross-Site Scripting via Username Parameter
CVSS 6.1
CVE-2025-67025
MEDIUM
anycomment.io 0.4.4 - Stored Cross-Site Scripting in Comment Section
CVSS 6.1
CVE-2025-65368
MEDIUM
SparkyFitness < 0.15.8.2 - Cross-Site Scripting via User Input and LLM Output
CVSS 6.1
CVE-2025-65349
MEDIUM
Italy Wireless Mini Router v28K.MiniRouter.20190211 - Stored XSS via Repeater AP SSID
CVSS 5.4
CVE-2025-15265
MEDIUM
Svelte 5.46.0-5.46.2 - Server-Side Rendering Cross-Site Scripting via Async Hydration Key Injection
CVSS 6.1
CVE-2025-67078
MEDIUM
agora-project < 25.10 - Cross-Site Scripting via Notify Parameter
CVSS 6.1
CVE-2025-14448
MEDIUM
WP-Members Membership Plugin <3.5.4.3 - XSS
CVSS 5.4
Details
Vulnerabilities: 44,968
Exploit Likelihood: High