CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,990 vulnerabilities with CWE-79
CVE-2025-66521 MEDIUM
Foxit PDF Editor Cloud < 2025-12-01 - Stored Cross-Site Scripting in Trusted Certificates Feature
CVSS 6.3
CVE-2025-66520 MEDIUM
Foxit PDF Editor Cloud < 2025-12-01 - Stored Cross-Site Scripting via Portfolio SVG Upload
CVSS 6.3
CVE-2025-66519 MEDIUM
Foxit PDF Editor Cloud < 2025-12-01 - Stored Cross-Site Scripting via Layer Import
CVSS 6.3
CVE-2025-66502 MEDIUM
Foxit PDF Editor Cloud < 2025-12-01 - Stored Cross-Site Scripting in Page Templates
CVSS 6.3
CVE-2025-66501 MEDIUM
Foxit PDF Editor Cloud < 2025-12-01 - Stored Cross-Site Scripting via Identity First Name Field
CVSS 6.3
CVE-2025-66500 MEDIUM
Foxit PDF Editor Cloud < 2025-12-01 - Stored Cross-Site Scripting via postMessage Origin Validation Bypass
CVSS 6.3
CVE-2025-14449 MEDIUM
BA Book Everything <= 1.8.14 - Authenticated Stored Cross-Site Scripting via babe-search-form Shortcode
CVSS 6.4
CVE-2025-64675 HIGH
Azure Cosmos DB - Cross-Site Scripting
CVSS 8.3
CVE-2025-68387 MEDIUM
Kibana 7.0.0-7.17.29 - Unauthenticated Cross-Site Scripting via Vega AST Evaluator
CVSS 6.1
CVE-2025-68385 HIGH
Kibana 7.0.0-7.17.29 - Authenticated Cross-Site Scripting via Vega Method
CVSS 7.2
CVE-2025-64677 HIGH
Office Out-of-Box Experience - Cross-Site Scripting
CVSS 8.2
CVE-2025-63949 MEDIUM
yohanawi Hotel Management System - XSS
CVSS 6.1
CVE-2025-63947 MEDIUM
phpmsadmin 2.2 - Authenticated Reflected Cross-Site Scripting via dbname Parameter
CVSS 5.4
CVE-2025-67163 MEDIUM
Simple Machines Forum 2.1.6 - Stored Cross-Site Scripting via Forum Name Parameter
CVSS 6.1
CVE-2025-64355 MEDIUM
Crocoblock JetElements For Elementor <2.7.12 - XSS
CVSS 6.5
CVE-2025-9787 MEDIUM
ManageEngine Applications Manager <= 177400 - Stored Cross-Site Scripting in NOC View
CVSS 6.1
CVE-2025-40893 MEDIUM
Nozomi Networks CMC and Guardian < 25.5.0 - Unauthenticated Stored HTML Injection in Asset List
CVSS 6.1
CVE-2025-40892 HIGH
Nozomi Networks CMC and Guardian < 25.5.0 - Authenticated Stored Cross-Site Scripting in Reports Functionality
CVSS 8.9
CVE-2025-40891 MEDIUM
Nozomi Networks CMC and Guardian < 25.5.0 - Unauthenticated Stored HTML Injection via Time Machine Snapshot Diff
CVSS 4.7
CVE-2025-13730 MEDIUM
WordPress OpenID Connect Generic Client <3.10.0 - XSS
CVSS 6.4
CVE-2025-6324 HIGH
MatrixAddons Easy Invoice <= 2.0.9 - XSS
CVSS 7.1
CVE-2025-66119 HIGH
Bob Hostel <= 1.1.5.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-66118 HIGH
BoldGrid Sprout Clients <= 3.2.1 - XSS
CVSS 7.1
CVE-2025-66102 HIGH
FolioVision FV Antispam <= 2.7 - XSS
CVSS 7.1
CVE-2025-64376 HIGH
CridioStudio ListingPro <2.9.10 - XSS
CVSS 7.1