CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,003 vulnerabilities with CWE-79
CVE-2025-66308 MEDIUM
Grav Admin Plugin < 1.11.0-beta.1 - Stored Cross-Site Scripting via data[taxonomies] Parameter
CVSS 5.4
CVE-2025-65622 MEDIUM
Snipe-IT < 8.3.4 - Authenticated Stored Cross-Site Scripting via Locations Country Field
CVSS 5.4
CVE-2025-65621 MEDIUM
Snipe-IT < 8.3.4 - Authenticated Stored Cross-Site Scripting and Privilege Escalation
CVSS 5.4
CVE-2025-63317 MEDIUM
Todoist v8896 - Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2025-13835 MEDIUM
Tyche Softwares Arconix Shortcodes < 2.1.19 - XSS
CVSS 6.5
CVE-2025-63534 HIGH
Blood Bank Management System 1.0 - XSS
CVSS 8.5
CVE-2025-63533 HIGH
Blood Bank Management System 1.0 - XSS
CVSS 8.5
CVE-2025-64030 MEDIUM
Eximbills Enterprise 4.1.5 - Authenticated Stored Cross-Site Scripting via TMPL_INFO Parameter
CVSS 5.4
CVE-2025-63528 HIGH
Blood Bank Management System 1.0 - XSS
CVSS 8.5
CVE-2025-63527 HIGH
Blood Bank Management System 1.0 - XSS
CVSS 8.5
CVE-2025-63526 HIGH
Blood Bank Management System - Stored Cross-Site Scripting in abs.php msg Parameter
CVSS 8.5
CVE-2025-63520 MEDIUM
FeehiCMS 2.1.1 - Cross-Site Scripting via User Update ID Parameter
CVSS 6.1
CVE-2025-41070 MEDIUM
Sanoma Clickedu - Reflected Cross-Site Scripting via /students/carpetes_varies.php
CVE-2025-13802 MEDIUM
jairiidriss RestaurantWebsite - XSS
CVSS 4.3
CVE-2025-13795 LOW
codingWithElias School Management System <f1ac334bfd89ae9067cc14dea...
CVSS 2.4
CVE-2025-13793 MEDIUM
Winston-dsouza Ecommerce-Website <87734c043269baac0b4cfe96647844621...
CVSS 4.3
CVE-2025-13784 LOW
yungifez Skuul < 2.6.5 - Cross-Site Scripting via SVG File Handler in Dashboard Edit
CVSS 2.4
CVE-2025-66421 MEDIUM
Tryton sao < 7.6.11 - Cross-Site Scripting via Unescaped Completion Values
CVSS 5.4
CVE-2025-66420 MEDIUM
Tryton sao < 7.6.9 - Cross-Site Scripting via HTML Attachment
CVSS 5.4
CVE-2025-65892 MEDIUM
krpano < 1.23.2 - Unauthenticated Reflected Cross-Site Scripting via passQueryParameters XML Parameter
CVSS 6.1
CVE-2025-65540 MEDIUM
xmall v1.1 - Stored Cross-Site Scripting via Username and Description Fields
CVSS 6.1
CVE-2025-66036 MEDIUM
Retro < 2.4.7 - Cross-Site Scripting in Input Handling Component
CVSS 6.1
CVE-2025-51734 MEDIUM
HCL Unica 12.0.0 - Cross-Site Scripting
CVSS 5.4
CVE-2025-66359 HIGH
Logpoint SIEM < 7.7.0 - Cross-Site Scripting via Insufficient Input Validation
CVSS 8.5
CVE-2025-13692 HIGH
Unlimited Elements For Elementor < 2.0 - XSS
CVSS 7.2