CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,968 vulnerabilities with CWE-79
CVE-2025-71166
MEDIUM
Typesetter CMS <= 5.1 - Authenticated Reflected Cross-Site Scripting via Move Message Handling
CVSS 5.4
CVE-2025-71165
MEDIUM
Typesetter CMS <= 5.1 - Authenticated Reflected Cross-Site Scripting via Tools Status Path Parameter
CVSS 5.4
CVE-2025-71164
MEDIUM
Typesetter CMS <= 5.1 - Authenticated Reflected Cross-Site Scripting via Editing Component
CVSS 5.4
CVE-2025-14557
MEDIUM
Drupal Facebook Pixel <7.X-1.1 - XSS
CVSS 4.8
CVE-2025-14556
MEDIUM
Drupal Flag 7.x-3.0-7.x-3.9 - Cross-Site Scripting
CVSS 5.4
CVE-2025-11224
HIGH
GitLab 15.10-18.3.5, 18.4-18.4.3, 18.5-18.5.1 - Authenticated Stored Cross-Site Scripting via Kubernetes Proxy
CVSS 7.7
CVE-2025-63644
MEDIUM
pH7Software pH7-Social-Dating-CMS 17.9.1 - XSS
CVSS 5.4
CVE-2025-67834
MEDIUM
Paessler PRTG Network Monitor < 25.4.114.1032 - Unauthenticated Cross-Site Scripting via Filter Parameter
CVSS 5.4
CVE-2025-67833
MEDIUM
Paessler PRTG Network Monitor < 25.4.114.1032 - Unauthenticated Cross-Site Scripting via Tag Parameter
CVSS 6.1
CVE-2025-37185
MEDIUM
EdgeConnect SD-WAN Orchestrator - XSS
CVSS 5.5
CVE-2025-15486
MEDIUM
Kunze Law < 2.1 - Authenticated Stored Cross-Site Scripting via Shortcode
CVSS 4.4
CVE-2025-15378
HIGH
AJS Footnotes <= 1.0 - Unauthenticated Stored Cross-Site Scripting via Settings Parameters
CVSS 7.2
CVE-2025-15283
HIGH
WordPress Name Directory <1.30.3 - XSS
CVSS 7.2
CVE-2025-15266
HIGH
GeekyBot <= 1.1.8 - Unauthenticated Stored XSS via Chat Message
CVSS 7.2
CVE-2025-15021
MEDIUM
Gotham Block Extra Light <1.5.0 - XSS
CVSS 4.4
CVE-2025-14725
MEDIUM
Internal Link Builder <= 1.0 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-14379
MEDIUM
Testimonials Creator 1.6 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-13627
MEDIUM
Makesweat <= 0.1 - Authenticated Stored Cross-Site Scripting via makesweat_clubid Setting
CVSS 4.4
CVE-2025-12178
MEDIUM
SpiceForms Form Builder <= 1.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-68658
MEDIUM
Open Source Point of Sale 3.4.0-3.4.1 - Authenticated Stored Cross-Site Scripting in Company Name Field
CVSS 4.3
CVE-2025-15056
MEDIUM
Quill 2.0.3 - Cross-Site Scripting in HTML Export Feature
CVSS 6.1
CVE-2025-9427
HIGH
Lemonsoft WordPress <2025.7.1 - XSS
CVE-2025-66939
MEDIUM
66biolinks 61.0.1 - Cross-Site Scripting via Favicon File
CVSS 5.4
CVE-2025-41003
MEDIUM
Imaster's Patient Record Management System - XSS
CVE-2025-40978
MEDIUM
eCommerceGo SaaS - Stored Cross-Site Scripting via Reply Description Parameter