CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,988 vulnerabilities with CWE-79
CVE-2025-67630 MEDIUM
webheadcoder WH Tweaks <= 1.0.2 - XSS
CVSS 5.9
CVE-2025-67629 MEDIUM
Basticom Framework <= 1.5.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-67628 MEDIUM
AMP-MODE Review Disclaimer <2.0.3 - XSS
CVSS 5.9
CVE-2025-67627 MEDIUM
Draft Notify <= 1.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-66444 HIGH
Hitachi Infrastructure Analytics Advisor <11.0.5.00 - XSS
CVSS 8.2
CVE-2025-15052 LOW
Student Information System 1.0 - Stored Cross-Site Scripting via Profile Firstname/Lastname Parameter
CVSS 3.5
CVE-2025-68669 CRITICAL
5ire < 0.15.2 - Remote Code Execution via Mermaid Diagram HTML Rendering
CVSS 9.6
CVE-2025-14499 HIGH
IceWarp >=14.2.0.5 <14.2.0.5 - Unauthenticated Cross-Site Scripting via gmaps Parameter
CVSS 8.8
CVE-2025-66845 MEDIUM
TechStore 1.0 - Reflected Cross-Site Scripting via id Query Parameter
CVSS 6.1
CVE-2025-13183 HIGH
Hotech Software Inc. Otello <2.4.4 - XSS
CVSS 7.3
CVE-2025-68559 MEDIUM
CodexThemes TheGem Theme Elements - XSS
CVSS 6.5
CVE-2025-68548 MEDIUM
WebCodingPlace Responsive Posts Carousel Pro - XSS
CVSS 6.5
CVE-2025-14635 MEDIUM
Happy Addons for Elementor <3.20.3 - XSS
CVSS 6.4
CVE-2025-14000 MEDIUM
WordPress Membership Plugin - Stored XSS
CVSS 6.4
CVE-2025-14548 MEDIUM
WordPress Calendar plugin <1.3.16 - XSS
CVSS 6.4
CVE-2025-68614 MEDIUM
LibreNMS < 25.12.0 - Stored Cross-Site Scripting via Alert Rule Name
CVSS 4.3
CVE-2025-67291 MEDIUM
Piranha CMS v12.1 - Stored Cross-Site Scripting in Media Module Name Field
CVSS 6.1
CVE-2025-67290 MEDIUM
Piranha CMS v12.1 - Stored Cross-Site Scripting in Page Settings Excerpt Field
CVSS 6.1
CVE-2025-65837 MEDIUM
PublicCMS V5.202506.b - Cross-Site Scripting in Content Search Module
CVSS 5.4
CVE-2025-65790 MEDIUM
FuguHub 8.1 - Reflected Cross-Site Scripting via SVG File in File Manager
CVSS 6.1
CVE-2025-67289 CRITICAL
Frappe Framework 15.89.0 - Arbitrary File Upload and Remote Code Execution via Attachments Module
CVSS 9.6
CVE-2025-65270 MEDIUM
ClinCapture EDC 3.0 and 2.2.3 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-67443 MEDIUM
Schlix CMS < 2.2.9-5 - Stored Cross-Site Scripting via Login Form
CVSS 6.1
CVE-2025-8460 MEDIUM
Centreon Infra Monitoring Open Tickets 23.10.0-23.10.4 - Authenticated Stored Cross-Site Scripting
CVSS 6.8
CVE-2025-54890 MEDIUM
Centreon Web 23.10.0-23.10.28 - Authenticated Stored Cross-Site Scripting in Hostgroup Configuration Page
CVSS 6.8