CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,012 vulnerabilities with CWE-79
CVE-2025-60917 MEDIUM
Austrian Archaeological Institute Openatlas <8.12.0 - XSS
CVSS 4.6
CVE-2025-60916 MEDIUM
Austrian Archaeological Institute Openatlas <8.12.0 - XSS
CVSS 5.4
CVE-2025-60914 MEDIUM
Austrian Archaeological Institute Openatlas <8.12.0 - Info Disclosure
CVSS 4.6
CVE-2025-10555 HIGH
DELMIA Service Process Engineer <R2025x - XSS
CVSS 8.7
CVE-2025-10554 HIGH
3DEXPERIENCE ENOVIA R2023x-R2025x - Stored Cross-Site Scripting in Requirements
CVSS 8.7
CVE-2025-41087 MEDIUM
Taclia's web application - Stored Cross-Site Scripting via SVG Image Upload
CVE-2025-12739 HIGH
Google Looker Extensions - Admin-Triggered Cross-Site Scripting
CVE-2025-13584 LOW
Eigenfocus < 1.4.1 - Cross-Site Scripting via Description Handler
CVSS 3.5
CVE-2025-13589 MEDIUM
Otsuka FMS - Reflected Cross-Site Scripting
CVE-2025-13577 LOW
PHPGurukul Hostel Management System 2.1 - Cross-Site Scripting via cdetails Parameter
CVSS 3.5
CVE-2025-11186 MEDIUM
Cookie Notice & Compliance <2.5.8 - XSS
CVSS 6.4
CVE-2025-66111 MEDIUM
Nelio Popups <= 1.3.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-66098 MEDIUM
Travelers' Map <= 2.3.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-66093 MEDIUM
hupe13 Extensions for Leaflet Map - XSS
CVSS 6.5
CVE-2025-66092 MEDIUM
bqworks Accordion Slider <= 1.9.13 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-66091 MEDIUM
Stylish Cost Calculator <8.1.5 - XSS
CVSS 6.5
CVE-2025-66090 MEDIUM
sonalsinha21 SKT Skill Bar <= 2.5 - XSS
CVSS 6.5
CVE-2025-66081 MEDIUM
Jeff Starr Head Meta Data <= 20250327 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-66067 MEDIUM
FunnelKit Funnel Builder <3.13.1.2 - XSS
CVSS 6.5
CVE-2025-66066 MEDIUM
EnvoThemes Envo Extra <=1.9.11 - XSS
CVSS 6.5
CVE-2025-66057 MEDIUM
Bold Page Builder <= 5.5.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-66053 MEDIUM
Enfold <= 7.1.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-12935 MEDIUM
FluentCRM < 2.9.84 - Authenticated Stored Cross-Site Scripting via fluentcrm_content Shortcode
CVSS 6.4
CVE-2025-12964 MEDIUM
Magical Products Display <1.1.29 - XSS
CVSS 6.4
CVE-2025-12160 HIGH
Simple User Registration <= 6.6 - Unauthenticated Stored Cross-Site Scripting via wpr_admin_msg Parameter
CVSS 7.2