CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,012 vulnerabilities with CWE-79
CVE-2025-64130 CRITICAL
Zenitel TCIV-3+ < 9.3.3.0 - Reflected Cross-Site Scripting
CVSS 9.8
CVE-2025-65237 MEDIUM
OpenCode Systems USSD Gateway OC Release: 5 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-9163 MEDIUM
Houzez <= 4.1.6 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2025-66026 MEDIUM
REDAXO < 5.20.1 - Authenticated Reflected Cross-Site Scripting via Mediapool args[types] Parameter
CVSS 6.1
CVE-2025-66021 MEDIUM
OWASP Java HTML Sanitizer 20240325.1 - XSS
CVSS 6.1
CVE-2025-12848 MEDIUM
Webform Multiple File Upload module for Drupal 7.x - XSS
CVSS 6.1
CVE-2025-66258 MEDIUM
DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter - XSS
CVSS 5.4
CVE-2025-65956 MEDIUM
Formwork < 2.2.0 - Stored Cross-Site Scripting in Blog Tag Field
CVSS 6.5
CVE-2025-63735 MEDIUM
Ruckus Unleashed 200.13.6.1.319 - XSS
CVSS 6.1
CVE-2025-21621 MEDIUM
GeoServer < 2.25.0 - Reflected Cross-Site Scripting via WMS GetFeatureInfo SLD_BODY Parameter
CVSS 6.1
CVE-2025-65961 LOW
Contao <4.13.57-5.6.5 - Code Injection
CVSS 3.3
CVE-2025-64049 MEDIUM
REDAXO CMS 5.20.0 - Stored Cross-Site Scripting via Module Output Code Field
CVSS 4.8
CVE-2025-60739 CRITICAL
Ilevia EVE X1 Server <4.7.18.0.eden-2025_07_21 - CSRF
CVSS 9.6
CVE-2025-40890 HIGH
Nozomi Networks CMC and Guardian < 25.4.0 - Authenticated Stored Cross-Site Scripting via Dashboard Import
CVSS 7.9
CVE-2025-0248 HIGH
HCL iNotes <12.0.2 FP6 and <14.0 FP4 - Reflected Cross-Site Scripting
CVSS 8.1
CVE-2025-13383 MEDIUM
Job Board by BestWebSoft <= 1.2.1 - Stored Cross-Site Scripting via Saved Search Results
CVSS 6.1
CVE-2025-13311 MEDIUM
Just Highlight <= 1.0.3 - Authenticated Stored Cross-Site Scripting via Highlight Color Setting
CVSS 4.4
CVE-2025-12645 MEDIUM
WordPress Inline frame - Iframe plugin <0.1 - XSS
CVSS 6.4
CVE-2025-12032 MEDIUM
Zweb Social Mobile - WordPress <1.0.0 - XSS
CVSS 4.4
CVE-2025-12025 MEDIUM
YouTube Subscribe plugin <3.0.0 - XSS
CVSS 4.4
CVE-2025-64730 MEDIUM
SNC-CX600W - Cross-Site Scripting
CVSS 6.1
CVE-2025-13068 HIGH
Telegram Bot & Channel plugin <4.1 - XSS
CVSS 7.2
CVE-2025-63498 MEDIUM
alinto SOGo 5.12.3 - Cross-Site Scripting via userName Parameter
CVSS 6.1
CVE-2025-64048 MEDIUM
YCCMS 3.4 - Stored Cross-Site Scripting in Article Title Field
CVSS 6.1
CVE-2025-64047 MEDIUM
OpenRapid RapidCMS 1.3.1 - Cross-Site Scripting in User Move Page
CVSS 6.1