CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,990 vulnerabilities with CWE-79
CVE-2025-64372 HIGH
Traveler < 3.2.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-64260 HIGH
Marco Milesi ANAC XML Bandi di Gara - XSS
CVSS 7.1
CVE-2025-64221 HIGH
designthemes dt-reservation-plugin - XSS
CVSS 7.1
CVE-2025-64217 HIGH
ThemeGoods Photography <= 7.7.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-64207 HIGH
Jannah <= 7.6.0 - DOM-Based Cross-Site Scripting
CVSS 7.1
CVE-2025-64203 HIGH
EverPress Mailster < 4.1.14 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-64191 HIGH
XStore < 9.6.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-64189 HIGH
8theme XStore Core < 5.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-60182 HIGH
Schiocco Support Board < 3.8.7 - XSS
CVSS 7.1
CVE-2025-57897 HIGH
venusweb Logtik <= 2.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-12976 MEDIUM
Events Manager - Calendar < 7.2.2.1 - XSS
CVSS 6.4
CVE-2025-68461 HIGH KEV
Roundcube Webmail < 1.5.12 and 1.6 < 1.6.12 - Cross-Site Scripting via SVG Animate Tag
CVSS 7.2
CVE-2025-12885 MEDIUM
Embed Any Document <= 2.7.10 - Authenticated Stored XSS via sanitize_pdf_src Regex Bypass
CVSS 6.4
CVE-2025-14202 HIGH
Linkding 1.44.1 SVG Asset Rendering - Admin Account Takeover
CVE-2025-68147 HIGH
Open Source Point of Sale 3.4.0-3.4.2 - Stored Cross-Site Scripting in Return Policy Configuration Field
CVSS 8.1
CVE-2025-68401 MEDIUM
ChurchCRM < 6.0.0 - Stored Cross-Site Scripting via Insufficient Input Sanitization
CVSS 4.8
CVE-2025-68399 MEDIUM
ChurchCRM < 6.5.4 - Authenticated Stored Cross-Site Scripting in GroupEditor.php
CVSS 5.4
CVE-2025-68275 MEDIUM
ChurchCRM < 6.5.3 - Stored Cross-Site Scripting in People View Pages
CVSS 4.8
CVE-2025-67876 MEDIUM
ChurchCRM < 6.4.0 - Stored Cross-Site Scripting in Group Role Names
CVSS 5.4
CVE-2025-67875 MEDIUM
ChurchCRM < 6.5.3 - Authenticated Privilege Escalation and Stored Cross-Site Scripting via Profile Injection
CVSS 5.4
CVE-2025-67787 CRITICAL
DriveLock 25.1.2-25.1.5 - Cross-Site Scripting in Operations Center
CVSS 9.6
CVE-2025-65233 MEDIUM
SLiMS < 9.6.0 - Reflected Cross-Site Scripting via PHP_SELF in index.php/sysconfig.inc.php
CVSS 6.1
CVE-2025-67170 MEDIUM
RiteCMS 3.1.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-13537 MEDIUM
Live Composer - Free WordPress Website Builder <= 2.0.2 - Authenticated Stored Cross-Site Scripting via DOM Manipulation
CVSS 6.4
CVE-2025-13217 MEDIUM
Ultimate Member < 2.11.0 - Authenticated Stored Cross-Site Scripting via YouTube Video Value Field
CVSS 6.4