CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,003 vulnerabilities with CWE-79
CVE-2025-66308
MEDIUM
Grav Admin Plugin < 1.11.0-beta.1 - Stored Cross-Site Scripting via data[taxonomies] Parameter
CVSS 5.4
CVE-2025-65622
MEDIUM
Snipe-IT < 8.3.4 - Authenticated Stored Cross-Site Scripting via Locations Country Field
CVSS 5.4
CVE-2025-65621
MEDIUM
Snipe-IT < 8.3.4 - Authenticated Stored Cross-Site Scripting and Privilege Escalation
CVSS 5.4
CVE-2025-63317
MEDIUM
Todoist v8896 - Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2025-13835
MEDIUM
Tyche Softwares Arconix Shortcodes <2.1.19 - XSS
CVSS 6.5
CVE-2025-63534
HIGH
Blood Bank Management System 1.0 - XSS
CVSS 8.5
CVE-2025-63533
HIGH
Blood Bank Management System 1.0 - XSS
CVSS 8.5
CVE-2025-64030
MEDIUM
Eximbills Enterprise 4.1.5 - Authenticated Stored Cross-Site Scripting via TMPL_INFO Parameter
CVSS 5.4
CVE-2025-63528
HIGH
Blood Bank Management System 1.0 - XSS
CVSS 8.5
CVE-2025-63527
HIGH
Blood Bank Management System 1.0 - XSS
CVSS 8.5
CVE-2025-63526
HIGH
Blood Bank Management System - Stored Cross-Site Scripting in abs.php msg Parameter
CVSS 8.5
CVE-2025-63520
MEDIUM
FeehiCMS 2.1.1 - Cross-Site Scripting via User Update ID Parameter
CVSS 6.1
CVE-2025-41070
MEDIUM
Sanoma Clickedu - Reflected Cross-Site Scripting via /students/carpetes_varies.php
CVE-2025-13802
MEDIUM
jairiidriss RestaurantWebsite - XSS
CVSS 4.3
CVE-2025-13795
LOW
codingWithElias School Management System <f1ac334bfd89ae9067cc14dea...
CVSS 2.4
CVE-2025-13793
MEDIUM
Winston-dsouza Ecommerce-Website <87734c043269baac0b4cfe96647844621...
CVSS 4.3
CVE-2025-13784
LOW
yungifez Skuul < 2.6.5 - Cross-Site Scripting via SVG File Handler in Dashboard Edit
CVSS 2.4
CVE-2025-66421
MEDIUM
Tryton sao < 7.6.11 - Cross-Site Scripting via Unescaped Completion Values
CVSS 5.4
CVE-2025-66420
MEDIUM
Tryton sao < 7.6.9 - Cross-Site Scripting via HTML Attachment
CVSS 5.4
CVE-2025-65892
MEDIUM
krpano < 1.23.2 - Unauthenticated Reflected Cross-Site Scripting via passQueryParameters XML Parameter
CVSS 6.1
CVE-2025-65540
MEDIUM
xmall v1.1 - Stored Cross-Site Scripting via Username and Description Fields
CVSS 6.1
CVE-2025-66036
MEDIUM
Retro < 2.4.7 - Cross-Site Scripting in Input Handling Component
CVSS 6.1
CVE-2025-51734
MEDIUM
HCL Unica 12.0.0 - Cross-Site Scripting
CVSS 5.4
CVE-2025-66359
HIGH
Logpoint SIEM < 7.7.0 - Cross-Site Scripting via Insufficient Input Validation
CVSS 8.5
CVE-2025-13692
HIGH
Unlimited Elements For Elementor <2.0 - XSS
CVSS 7.2
Details
Vulnerabilities: 45,003
Exploit Likelihood: High