CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,988 vulnerabilities with CWE-79
CVE-2025-68876 HIGH
INVELITY Invelity SPS connect - XSS
CVSS 7.1
CVE-2025-68928 MEDIUM
frappe_crm < 1.56.2 - Authenticated Stored Cross-Site Scripting via Website Field
CVSS 5.4
CVE-2025-65442 MEDIUM
xxyopen novel V3.5.0 - DOM-based Cross-Site Scripting via Book Comment Module
CVSS 6.1
CVE-2025-57462 MEDIUM
machpanel 8.0.32 - Stored Cross-Site Scripting via Crafted PDF File
CVSS 6.1
CVE-2025-15188 LOW
Campcodes Complete Online Beauty Parlor Management System 1.0 - Cross-Site Scripting via searchdata Parameter
CVSS 2.4
CVE-2025-15175 LOW
Sohu CacheCloud < 3.2 - Cross-Site Scripting in AppController
CVSS 3.5
CVE-2025-15174 LOW
Sohu CacheCloud < 3.2 - Cross-Site Scripting in doAppAuditList Function
CVSS 3.5
CVE-2025-15173 LOW
SohuTV CacheCloud < 3.2 - Cross-Site Scripting in InstanceController advancedAnalysis
CVSS 3.5
CVE-2025-15172 LOW
SohuTV CacheCloud < 3.2 - Cross-Site Scripting in RedisConfigTemplateController File Preview
CVSS 3.5
CVE-2025-15171 LOW
Sohu CacheCloud < 3.2 - Cross-Site Scripting in ServerController Index Function
CVSS 3.5
CVE-2025-15170 MEDIUM
Advaya Softech GEMS ERP Portal < 2.1 - Cross-Site Scripting via Error Message Handler
CVSS 4.3
CVE-2025-15149 LOW
Rawchen ecms <b59d7feaa9094234e8aa6c8c6b290621ca575ded - XSS
CVSS 2.4
CVE-2025-15146 LOW
Sohu CacheCloud < 3.2 - Cross-Site Scripting in UserManageController doUserList
CVSS 2.4
CVE-2025-15145 LOW
SohuTV CacheCloud < 3.2 - Cross-Site Scripting in TotalManageController
CVSS 2.4
CVE-2025-15144 MEDIUM
xunruicms < 4.7.1 - Cross-Site Scripting via JSONP Callback Handler
CVSS 4.3
CVE-2025-15134 LOW
yourmaileyes MOOC < 1.17 - Cross-Site Scripting via Submission Handler
CVSS 3.5
CVE-2025-68927 MEDIUM
Libredesk < 0.8.6-beta - Stored HTML Injection in Contact Notes Feature
CVSS 6.1
CVE-2025-61914 HIGH
n8n < 1.114.0 - Stored Cross-Site Scripting via Respond to Webhook Node
CVSS 7.3
CVE-2025-67349 MEDIUM
FluentCMS 1.2.3 - Authenticated Stored Cross-Site Scripting in Page Head Section
CVSS 6.1
CVE-2025-8075 MEDIUM
Hanwha Vision Camera Firmware - Cross-Site Scripting via XML Request Message
CVSS 5.4
CVE-2025-68946 MEDIUM
Gitea < 1.20.1 - Cross-Site Scripting via Forbidden URL Scheme
CVSS 5.4
CVE-2025-68942 MEDIUM
Gitea < 1.22.2 - Stored Cross-Site Scripting via Search Input Box
CVSS 5.4
CVE-2025-15095 LOW
postmanlabs httpbin <= 0.6.1 - Cross-Site Scripting in core.py
CVSS 3.5
CVE-2025-15094 MEDIUM
FlyCMS < 2019-12-20 - Cross-Site Scripting via User Login Redirect URL
CVSS 4.3
CVE-2025-15093 MEDIUM
sunkaifei FlyCMS < 2019-12-20 - Cross-Site Scripting via IndexAdminController redirectUrl Parameter
CVSS 4.3
Details
Vulnerabilities 44,988
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits