CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,012 vulnerabilities with CWE-79
CVE-2025-36153
MEDIUM
IBM Concert 1.0.0-2.0.0 - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-55124
MEDIUM
Revive Adserver 6.0.0-6.0.1 - Reflected Cross-Site Scripting in banner-zone.php
CVSS 6.1
CVE-2025-55123
MEDIUM
Revive Adserver 5.5.2 and 6.0.1 - Cross-Site Scripting
CVSS 5.4
CVE-2025-52668
MEDIUM
Revive Adserver < 5.5.2 - Stored Cross-Site Scripting in stats-conversions.php
CVSS 5.4
CVE-2025-52667
MEDIUM
Revive Adserver < 5.5.2 - Stored Cross-Site Scripting via Missing JSON Content-Type Header
CVSS 5.4
CVE-2025-48987
MEDIUM
Revive Adserver <6.0.1 - Reflected XSS
CVSS 6.1
CVE-2025-35029
LOW
Medical Informatics Engineering Enterprise Health - Stored XSS in Demographic Information Page
CVSS 3.5
CVE-2025-55126
MEDIUM
Revive Adserver 6.0.0-6.0.2 - Stored Cross-Site Scripting via Campaign Name in Advertiser Navigation Box
CVSS 6.5
CVE-2025-64027
MEDIUM
Snipe-IT v8.3.4 - Authenticated Reflected Cross-Site Scripting via CSV Import Progress Message
CVSS 6.1
CVE-2025-63848
MEDIUM
SWISH < 2.2.0 - Stored Cross-Site Scripting via Web IDE Notebook
CVSS 6.1
CVE-2025-62731
MEDIUM
soplanning < 1.55.00 - Authenticated Stored Cross-Site Scripting in /feries Endpoint
CVSS 4.8
CVE-2025-62729
MEDIUM
soplanning < 1.55.00 - Authenticated Stored Cross-Site Scripting in Status Endpoint
CVSS 5.4
CVE-2025-62297
MEDIUM
soplanning < 1.55.00 - Stored Cross-Site Scripting in /projets Endpoint
CVSS 5.4
CVE-2025-62296
MEDIUM
soplanning < 1.55.00 - Stored Cross-Site Scripting in /taches Endpoint
CVSS 5.4
CVE-2025-62295
MEDIUM
soplanning < 1.55.00 - Stored Cross-Site Scripting in /groupe_form Endpoint
CVSS 5.4
CVE-2025-60737
MEDIUM
Ilevia EVE X1 Server <=4.7.18.0.eden-6.00 - XSS
CVSS 6.1
CVE-2025-64984
MEDIUM
Kaspersky Endpoint Security - Reflected Cross-Site Scripting via Phishing
CVSS 6.1
CVE-2025-60796
MEDIUM
phppgadmin < 7.13.0 - Cross-Site Scripting via $_REQUEST Parameter Reflection
CVSS 6.1
CVE-2025-5092
MEDIUM
LightGallery WP <1.0.5 - Authenticated Stored Cross-Site Scripting via lightGallery Library
CVSS 6.4
CVE-2025-13469
LOW
Public Knowledge Project omp/ojs <3.5.0 - XSS
CVSS 2.4
CVE-2025-13450
LOW
SourceCodester Online Shop Project 1.0 - Cross-Site Scripting via f_name Parameter
CVSS 3.5
CVE-2025-0643
HIGH
Pyxis Signage <= 31012025 - Stored Cross-Site Scripting
CVSS 7.2
CVE-2025-13415
LOW
easyimages2.0 < 2.8.6 - Cross-Site Scripting via SVG Image Handler File Parameter
CVSS 3.5
CVE-2025-11884
LOW
OpenText uCMDB 24.4 - Stored Cross-Site Scripting
CVE-2025-13412
LOW
Campcodes Retro Basketball Shoes Online Store 1.0 - Cross-Site Scripting via product_name Argument
CVSS 2.4
Details
Vulnerabilities
45,012
Exploit Likelihood
High