CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,003 vulnerabilities with CWE-79
CVE-2025-66468 HIGH
Aimeos GrapesJS CMS <2021.10.8-2025.10.8 - XSS
CVSS 7.6
CVE-2025-66460 MEDIUM
lookyloo < 1.35.3 - Stored Cross-Site Scripting via Datatables Orthogonal-Data Feature
CVSS 6.1
CVE-2025-66459 MEDIUM
lookyloo < 1.35.3 - Stored Cross-Site Scripting via URL Error Message
CVSS 6.1
CVE-2025-66458 MEDIUM
lookyloo < 1.35.3 - Cross-Site Scripting via Unsafe f-strings in Markup
CVSS 6.1
CVE-2025-13639 HIGH
Google Chrome < 143.0.7499.40 - Arbitrary Read/Write via WebRTC
CVSS 8.1
CVE-2025-65881 MEDIUM
Sourcecodester Zoo Management System v1.0 - XSS
CVSS 6.1
CVE-2025-65215 MEDIUM
Web-based Pharmacy Product Management System 1.0 - Stored Cross-Site Scripting via Supplier Name Field
CVSS 6.1
CVE-2025-65186 MEDIUM
Grav CMS 1.7.49 - Authenticated Stored Cross-Site Scripting via Markdown Editor
CVSS 6.1
CVE-2025-64070 MEDIUM
Student Grades Management System 1.0 - Stored Cross-Site Scripting in Add New Subject Description Field
CVSS 5.4
CVE-2025-65187 MEDIUM
CiviCRM < 6.7.0 - Authenticated Stored Cross-Site Scripting in Accounting Batches Field
CVSS 6.1
CVE-2025-63872 MEDIUM
DeepSeek V3.2 - Cross-Site Scripting via Model-Generated SVG Content
CVSS 6.1
CVE-2025-13505 MEDIUM
Datactive 2.13.34-2.14.0.5 - Stored Cross-Site Scripting
CVSS 4.8
CVE-2025-65858 LOW
Calibre-Web 0.6.25 - Stored Cross-Site Scripting via Username Field
CVSS 3.5
CVE-2025-13731 MEDIUM
WordPress Nexter Extension - Stored XSS
CVSS 6.4
CVE-2025-40700 MEDIUM
Governalia < 1274 - Reflected Cross-Site Scripting via Search 'q' Parameter
CVSS 6.1
CVE-2025-13873 MEDIUM
ObjectPlanet Opinio 7.26 rev12562 - Stored Cross-Site Scripting in Survey Import Feature
CVSS 5.4
CVE-2025-13007 MEDIUM
WP Social Ninja < 3.20.3 - Unauthenticated Stored Cross-Site Scripting via Externally-Sourced Content
CVSS 6.1
CVE-2025-13387 HIGH
Kadence WooCommerce Email Designer <1.5.17 - XSS
CVSS 7.2
CVE-2025-13697 MEDIUM
BlockArt Blocks - WordPress <2.2.13 - XSS
CVSS 6.4
CVE-2025-66412 MEDIUM
Angular <21.0.2,20.3.15,19.2.17 - XSS
CVSS 5.4
CVE-2025-66403 MEDIUM
FileRise < 2.2.3 - Stored Cross-Site Scripting via SVG File Upload
CVSS 4.6
CVE-2025-66312 MEDIUM
Grav Admin Plugin < 1.10.50 - Stored Cross-Site Scripting via data[readableName] Parameter
CVSS 5.4
CVE-2025-66311 MEDIUM
Grav Admin Plugin < 1.11.0-beta.1 - Stored Cross-Site Scripting via Page Metadata Parameters
CVSS 5.4
CVE-2025-66310 MEDIUM
Grav Admin Plugin < 1.10.50 - Stored Cross-Site Scripting via data[header][template] Parameter
CVSS 5.4
CVE-2025-66309 MEDIUM
Grav Admin Plugin < 1.11.0-beta.1 - Reflected Cross-Site Scripting via data[header][content][items] Parameter
CVSS 6.1