CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,012 vulnerabilities with CWE-79
CVE-2025-60917
MEDIUM
Austrian Archaeological Institute Openatlas <8.12.0 - XSS
CVSS 4.6
CVE-2025-60916
MEDIUM
Austrian Archaeological Institute Openatlas <8.12.0 - XSS
CVSS 5.4
CVE-2025-60914
MEDIUM
Austrian Archaeological Institute Openatlas <8.12.0 - Info Disclosure
CVSS 4.6
CVE-2025-10555
HIGH
DELMIA Service Process Engineer <R2025x - XSS
CVSS 8.7
CVE-2025-10554
HIGH
3DEXPERIENCE ENOVIA R2023x-R2025x - Stored Cross-Site Scripting in Requirements
CVSS 8.7
CVE-2025-41087
MEDIUM
Taclia's web application - Stored Cross-Site Scripting via SVG Image Upload
CVE-2025-12739
HIGH
Google Looker Extensions - Admin-Triggered Cross-Site Scripting
CVE-2025-13584
LOW
Eigenfocus < 1.4.1 - Cross-Site Scripting via Description Handler
CVSS 3.5
CVE-2025-13589
MEDIUM
Otsuka FMS - Reflected Cross-Site Scripting
CVE-2025-13577
LOW
PHPGurukul Hostel Management System 2.1 - Cross-Site Scripting via cdetails Parameter
CVSS 3.5
CVE-2025-11186
MEDIUM
Cookie Notice & Compliance <2.5.8 - XSS
CVSS 6.4
CVE-2025-66111
MEDIUM
Nelio Popups <= 1.3.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-66098
MEDIUM
Travelers' Map <= 2.3.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-66093
MEDIUM
hupe13 Extensions for Leaflet Map - XSS
CVSS 6.5
CVE-2025-66092
MEDIUM
bqworks Accordion Slider <= 1.9.13 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-66091
MEDIUM
Stylish Cost Calculator <8.1.5 - XSS
CVSS 6.5
CVE-2025-66090
MEDIUM
sonalsinha21 SKT Skill Bar <= 2.5 - XSS
CVSS 6.5
CVE-2025-66081
MEDIUM
Jeff Starr Head Meta Data <= 20250327 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-66067
MEDIUM
FunnelKit Funnel Builder <3.13.1.2 - XSS
CVSS 6.5
CVE-2025-66066
MEDIUM
EnvoThemes Envo Extra <=1.9.11 - XSS
CVSS 6.5
CVE-2025-66057
MEDIUM
Bold Page Builder <= 5.5.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-66053
MEDIUM
Enfold <= 7.1.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-12935
MEDIUM
FluentCRM < 2.9.84 - Authenticated Stored Cross-Site Scripting via fluentcrm_content Shortcode
CVSS 6.4
CVE-2025-12964
MEDIUM
Magical Products Display <1.1.29 - XSS
CVSS 6.4
CVE-2025-12160
HIGH
Simple User Registration <= 6.6 - Unauthenticated Stored Cross-Site Scripting via wpr_admin_msg Parameter
CVSS 7.2
Details
Vulnerabilities
45,012
Exploit Likelihood
High