CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,000 vulnerabilities with CWE-79
CVE-2025-64555
MEDIUM
Adobe Experience Manager < 6.5.24.0 and < 2025.12.0 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-64554
MEDIUM
Adobe Experience Manager < 6.5.24.0 and < 2025.12.0 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-64553
MEDIUM
Adobe Experience Manager < 6.5.24.0 and < 2025.12.0 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-64551
MEDIUM
Adobe Experience Manager < 6.5.24.0 and < 2025.12.0 - DOM-based Cross-Site Scripting
CVSS 5.4
CVE-2025-64550
MEDIUM
Adobe Experience Manager < 6.5.24.0 and < 2025.12.0 - DOM-based Cross-Site Scripting
CVSS 5.4
CVE-2025-64549
MEDIUM
Adobe Experience Manager < 6.5.24.0 and < 2025.12.0 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-64548
MEDIUM
Adobe Experience Manager < 6.5.24.0 and < 2025.12.0 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-64547
MEDIUM
Adobe Experience Manager < 6.5.24.0 and < 2025.12.0 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-64546
MEDIUM
Adobe Experience Manager < 6.5.24.0 and < 2025.12.0 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-64545
MEDIUM
Adobe Experience Manager < 6.5.24.0 and < 2025.12.0 - DOM-based Cross-Site Scripting
CVSS 5.4
CVE-2025-64544
MEDIUM
Adobe Experience Manager < 6.5.24.0 and < 2025.12.0 - DOM-based Cross-Site Scripting
CVSS 5.4
CVE-2025-64543
MEDIUM
Adobe Experience Manager < 6.5.24.0 and < 2025.12.0 - DOM-based Cross-Site Scripting
CVSS 5.4
CVE-2025-64541
MEDIUM
Adobe Experience Manager < 6.5.24.0 and < 2025.12.0 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-64539
CRITICAL
Adobe Experience Manager < 6.5.24.0 and < 2025.12.0 - DOM-based Cross-Site Scripting
CVSS 9.3
CVE-2025-64538
CRITICAL
Adobe Experience Manager < 6.5.24.0 and < 2025.12.0 - DOM-based Cross-Site Scripting
CVSS 9.3
CVE-2025-64537
CRITICAL
Adobe Experience Manager < 6.5.24.0 and < 2025.12.0 - DOM-based Cross-Site Scripting
CVSS 9.3
CVE-2025-56429
MEDIUM
FearlessCMS 0.0.2-15 - Cross-Site Scripting via login.php
CVSS 6.1
CVE-2025-65754
MEDIUM
Algernon < 1.17.5 - Cross-Site Scripting via Filename Injection
CVSS 6.1
CVE-2025-67641
MEDIUM
Jenkins Coverage Plugin < 2.3054.ve1ff7b_a_a_123b - Stored Cross-Site Scripting via REST API Configuration
CVSS 5.4
CVE-2025-13127
LOW
GoldenHorn < 4.25.1121.1 - Cross-Site Scripting
CVSS 3.5
CVE-2025-67496
MEDIUM
WeGIA < 3.5.5 - Stored Cross-Site Scripting in Employee Selection Dropdown
CVSS 4.3
CVE-2025-67495
HIGH
ZITADEL 4.0.0-4.7.0 - Unauthenticated DOM-Based Cross-Site Scripting via Logout Endpoint
CVSS 8.0
CVE-2025-34425
MEDIUM
MailEnable < 10.54 - Reflected Cross-Site Scripting via WindowContext Parameter
CVSS 6.1
CVE-2025-65572
MEDIUM
AllskyTeam AllSky 2024.12.06_06 - Stored Cross-Site Scripting via config, filename, or extratext Parameter
CVSS 6.1
CVE-2025-65300
MEDIUM
Coohom SaaS Platform feVersion=1760060603897 - Stored Cross-Site Scripting in Account Settings Address Fields
CVSS 5.4
Details
Vulnerabilities
45,000
Exploit Likelihood
High