CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,003 vulnerabilities with CWE-79
CVE-2025-13604 HIGH
CleanTalk plugin <2.168 - XSS
CVSS 7.2
CVE-2025-13071 HIGH
Custom Admin Menu < 1.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-12705 HIGH
Social Reviews & Recommendations <2.5 - XSS
CVSS 7.2
CVE-2025-10876 MEDIUM
Talent Software e-BAP Automation <v.41815 - XSS
CVSS 5.3
CVE-2025-10573 CRITICAL
Ivanti Endpoint Manager < 2024 SU4 SR1 - Unauthenticated Stored Cross-Site Scripting
CVSS 9.6
CVE-2025-66481 CRITICAL
deepchat < 0.5.1 - Stored Cross-Site Scripting via Mermaid Content Bypass
CVSS 9.6
CVE-2025-66470 MEDIUM
NiceGUI < 3.4.0 - Stored Cross-Site Scripting via Interactive Image SVG ForeignObject Tag
CVSS 6.1
CVE-2025-66469 MEDIUM
NiceGUI < 3.4.0 - Reflected Cross-Site Scripting via CSS/SCSS/SASS Injection
CVSS 6.1
CVE-2025-12635 MEDIUM
IBM WebSphere Application Server <9.0 - XSS
CVSS 5.4
CVE-2025-65228 LOW
R.V.R. Elettronica TLK302T Firmware 1.5.1799 - Stored Cross-Site Scripting
CVSS 3.5
CVE-2025-65230 MEDIUM
Barix Instreamer v04.05-v04.06 - Stored Cross-Site Scripting in Web UI Configuration Streaming Destination Input
CVSS 5.4
CVE-2025-65229 MEDIUM
Lyrion Music Server <= 9.0.3 - Authenticated Stored Cross-Site Scripting in Player Name Field
CVSS 4.6
CVE-2025-65231 MEDIUM
Barix Instreamer Firmware < 4.06 - Stored Cross-Site Scripting via CTS Close Command
CVSS 6.1
CVE-2025-42620 HIGH
CIRCL Vulnerability-Lookup < 2.18.0 - Stored Cross-Site Scripting via Bundle and Comment Markdown Rendering
CVE-2025-14244 LOW
GreenCMS 2.3.0603 - Cross-Site Scripting via Menu Management Page Link Parameter
CVSS 2.4
CVE-2025-14228 LOW
Yealink SIP-T21P E2 52.84.0.15 - Cross-Site Scripting in Local Directory Page
CVSS 3.5
CVE-2025-12956 HIGH
ENOVIA Collaborative Industry Innovator - XSS
CVSS 8.7
CVE-2025-14221 LOW
SourceCodester Online Banking System 1.0 - XSS
CVSS 3.5
CVE-2025-14205 LOW
Chamber of Commerce Membership Management System 1.0 - XSS
CVSS 2.4
CVE-2025-14201 LOW
Alokjaiswal Hotel-management-services-using-mysql-and-php < 2018-11-08 - Code Injection
CVSS 2.4
CVE-2025-14200 LOW
alokjaiswal Hotel-Management-services-using-MYSQL-and-php - Cross-Site Scripting in Request Pending Page
CVSS 3.5
CVE-2025-14194 LOW
Employee Profile Management System 1.0 - XSS
CVSS 3.5
CVE-2025-12499 HIGH
Rich Shortcodes for Google Reviews <6.8 - XSS
CVSS 7.2
CVE-2025-13907 MEDIUM
CSS3 Buttons <= 0.1 - Authenticated Stored Cross-Site Scripting via Button Shortcode Attributes
CVSS 6.4
CVE-2025-13899 MEDIUM
TR Timthumb <= 1.0.4 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4