CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,000 vulnerabilities with CWE-79
CVE-2025-64672 HIGH
Microsoft SharePoint Server < 16.0.19127.20378 - Cross-Site Scripting
CVSS 8.8
CVE-2025-61078 MEDIUM
phpipam v1.7.3 - Stored Cross-Site Scripting in Request IP Form via Instructions Parameter
CVSS 6.1
CVE-2025-54353 MEDIUM
FortiSandbox 4.0.0-4.0.5, 4.2.0-4.2.x, 4.4.0-4.4.7, 5.0.0-5.0.2 - Cross-Site Scripting via Crafted HTTP Requests
CVSS 5.4
CVE-2025-34409 MEDIUM
MailEnable < 10.54 - Reflected Cross-Site Scripting via Failed Parameter in AddRecipientsResult.aspx
CVSS 6.1
CVE-2025-34408 MEDIUM
MailEnable < 10.54 - Reflected Cross-Site Scripting via Added Parameter in AddRecipientsResult.aspx
CVSS 6.1
CVE-2025-34407 MEDIUM
MailEnable < 10.54 - Reflected Cross-Site Scripting via Statistics.aspx Theme Parameter
CVSS 6.1
CVE-2025-34406 MEDIUM
MailEnable < 10.54 - Reflected Cross-Site Scripting via Id Parameter in Mobile ContactDetails
CVSS 6.1
CVE-2025-34404 MEDIUM
MailEnable < 10.54 - Reflected Cross-Site Scripting via InstanceScope Parameter
CVSS 6.1
CVE-2025-34403 MEDIUM
MailEnable < 10.54 - Reflected Cross-Site Scripting via AddressBook.aspx FieldTo Parameter
CVSS 6.1
CVE-2025-34402 MEDIUM
MailEnable < 10.54 - Reflected Cross-Site Scripting via FieldCc Parameter
CVSS 6.1
CVE-2025-34401 MEDIUM
MailEnable < 10.54 - Reflected Cross-Site Scripting via FieldBcc Parameter
CVSS 6.1
CVE-2025-34400 MEDIUM
MailEnable < 10.54 - Reflected Cross-Site Scripting via AddressesTo Parameter
CVSS 6.1
CVE-2025-34399 MEDIUM
MailEnable < 10.54 - Reflected Cross-Site Scripting via AddressesCc Parameter
CVSS 6.1
CVE-2025-34398 MEDIUM
MailEnable < 10.54 - Reflected Cross-Site Scripting via AddressesBcc Parameter
CVSS 6.1
CVE-2025-34397 MEDIUM
MailEnable < 10.54 - Reflected Cross-Site Scripting via Mobile Compose Message Parameter
CVSS 6.1
CVE-2025-65289 MEDIUM
Mercury MR816v2 4.8.7 Build 110427 Rel 36550n - Stored Cross-Site Scripting via Hostname Injection
CVSS 6.1
CVE-2025-63737 MEDIUM
RockOA 2.7.0 - Cross-Site Scripting via m Parameter in task.php
CVSS 6.1
CVE-2025-9638 MEDIUM
Portabilis i-Educar 2.10.0 - Stored Cross-Site Scripting via matricula_interna Parameter
CVSS 4.8
CVE-2025-6924 MEDIUM
Talent Software e-BAP Automation < 42957 - XSS
CVSS 5.4
CVE-2025-6923 MEDIUM
Talent Software UNIS < 42957 - Reflected Cross-Site Scripting
CVSS 5.4
CVE-2025-67558 MEDIUM
Rencontre <= 3.13.7 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-67557 MEDIUM
Rhys Wynne WP eBay Product Feeds <= 3.4.9 - XSS
CVSS 5.9
CVE-2025-67556 MEDIUM
ThemeHigh Advanced FAQ Manager < 1.5.2 - XSS
CVSS 5.9
CVE-2025-67555 MEDIUM
UseStrict's Calendly Embedder <= 1.1.7.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-67554 MEDIUM
Humanityco Cookie Notice & Compliance - XSS
CVSS 5.9