CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,995 vulnerabilities with CWE-79
CVE-2025-13850
MEDIUM
LS Google Map Router <= 1.1.0 - Authenticated Stored Cross-Site Scripting via map_type Parameter
CVSS 6.4
CVE-2025-13846
MEDIUM
Easy Map Creator <= 3.0.2 - Authenticated Stored Cross-Site Scripting via Width Parameter
CVSS 6.4
CVE-2025-13843
MEDIUM
VigLink SpotLight By ShortCode <1.0.a - XSS
CVSS 6.4
CVE-2025-13840
MEDIUM
BUKAZU Search widget plugin <3.3.2 - XSS
CVSS 6.4
CVE-2025-13747
MEDIUM
NewStatPress <= 1.4.3 - Authenticated Stored Cross-Site Scripting via nsp_shortcode Regex Bypass
CVSS 6.4
CVE-2025-12834
MEDIUM
Accept Stripe Payments Using Contact Form 7 <= 3.1 - Reflected Cross-Site Scripting via failure_message Parameter
CVSS 6.1
CVE-2025-12830
MEDIUM
Better Elementor Addons <1.5.4 - XSS
CVSS 6.4
CVE-2025-12650
MEDIUM
WordPress Simple Post Listing <0.2 - XSS
CVSS 6.4
CVE-2025-13839
MEDIUM
LJUsers <= 1.2.0 - Authenticated Stored Cross-Site Scripting via 'name' Parameter
CVSS 6.4
CVE-2025-66452
MEDIUM
librechat < 0.8.0 - Cross-Site Scripting via JSON Parsing Error Handling
CVSS 6.1
CVE-2025-55816
MEDIUM
HotelDruid < 3.0.7 - Cross-Site Scripting in /modifica_app.php
CVSS 6.1
CVE-2025-14538
LOW
yangshare warehouseManager 1.1.0 - XSS
CVSS 3.5
CVE-2025-66918
HIGH
edoc-doctor-appointment-system 1.0.1 - Cross-Site Scripting via Title Parameter
CVSS 8.8
CVE-2025-14046
MEDIUM
GitHub Enterprise Server < 3.14.21 - Cross-Site Scripting via DOM Element ID Collision
CVSS 6.1
CVE-2025-67741
MEDIUM
JetBrains TeamCity < 2025.11 - Stored Cross-Site Scripting via Session Attribute
CVSS 4.6
CVE-2025-14519
LOW
baowzh hfly <638ff9abe9078bc977c132b37acbe1900b63491c - XSS
CVSS 3.5
CVE-2025-12029
HIGH
GitLab 15.11-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Unauthenticated Cross-Site Scripting in Swagger UI
CVSS 8.0
CVE-2025-9436
MEDIUM
Widgets for Google Reviews <13.2.1 - XSS
CVSS 6.4
CVE-2025-12716
HIGH
GitLab CE/EE <18.4.6-18.6.2 - Privilege Escalation
CVSS 8.7
CVE-2025-67648
HIGH
Shopware 6.4.6.0-6.6.10.9 and 6.7.0.0-6.7.5.0 - Reflected Cross-Site Scripting via Login Page waitTime Parameter
CVSS 7.1
CVE-2025-66472
MEDIUM
XWiki Platform <16.10.9, <17.0.0-rc-1 to <17.4.1 - XSS
CVSS 6.1
CVE-2025-64888
MEDIUM
Adobe Experience Manager < 6.5.24.0 and < 2025.12.0 - DOM-based Cross-Site Scripting
CVSS 5.4
CVE-2025-64887
MEDIUM
Adobe Experience Manager < 6.5.24.0 and < 2025.12.0 - DOM-based Cross-Site Scripting
CVSS 5.4
CVE-2025-64881
MEDIUM
Adobe Experience Manager < 6.5.24.0 and < 2025.12.0 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-64875
MEDIUM
Adobe Experience Manager < 6.5.24.0 and < 2025.12.0 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
Details
Vulnerabilities
44,995
Exploit Likelihood
High