CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,012 vulnerabilities with CWE-79
CVE-2025-36153 MEDIUM
IBM Concert 1.0.0-2.0.0 - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-55124 MEDIUM
Revive Adserver 6.0.0-6.0.1 - Reflected Cross-Site Scripting in banner-zone.php
CVSS 6.1
CVE-2025-55123 MEDIUM
Revive Adserver 5.5.2 and 6.0.1 - Cross-Site Scripting
CVSS 5.4
CVE-2025-52668 MEDIUM
Revive Adserver < 5.5.2 - Stored Cross-Site Scripting in stats-conversions.php
CVSS 5.4
CVE-2025-52667 MEDIUM
Revive Adserver < 5.5.2 - Stored Cross-Site Scripting via Missing JSON Content-Type Header
CVSS 5.4
CVE-2025-48987 MEDIUM
Revive Adserver <6.0.1 - Reflected XSS
CVSS 6.1
CVE-2025-35029 LOW
Medical Informatics Engineering Enterprise Health - Stored XSS in Demographic Information Page
CVSS 3.5
CVE-2025-55126 MEDIUM
Revive Adserver 6.0.0-6.0.2 - Stored Cross-Site Scripting via Campaign Name in Advertiser Navigation Box
CVSS 6.5
CVE-2025-64027 MEDIUM
Snipe-IT v8.3.4 - Authenticated Reflected Cross-Site Scripting via CSV Import Progress Message
CVSS 6.1
CVE-2025-63848 MEDIUM
SWISH < 2.2.0 - Stored Cross-Site Scripting via Web IDE Notebook
CVSS 6.1
CVE-2025-62731 MEDIUM
soplanning < 1.55.00 - Authenticated Stored Cross-Site Scripting in /feries Endpoint
CVSS 4.8
CVE-2025-62729 MEDIUM
soplanning < 1.55.00 - Authenticated Stored Cross-Site Scripting in Status Endpoint
CVSS 5.4
CVE-2025-62297 MEDIUM
soplanning < 1.55.00 - Stored Cross-Site Scripting in /projets Endpoint
CVSS 5.4
CVE-2025-62296 MEDIUM
soplanning < 1.55.00 - Stored Cross-Site Scripting in /taches Endpoint
CVSS 5.4
CVE-2025-62295 MEDIUM
soplanning < 1.55.00 - Stored Cross-Site Scripting in /groupe_form Endpoint
CVSS 5.4
CVE-2025-60737 MEDIUM
Ilevia EVE X1 Server <=4.7.18.0.eden-6.00 - XSS
CVSS 6.1
CVE-2025-64984 MEDIUM
Kaspersky Endpoint Security - Reflected Cross-Site Scripting via Phishing
CVSS 6.1
CVE-2025-60796 MEDIUM
phppgadmin < 7.13.0 - Cross-Site Scripting via $_REQUEST Parameter Reflection
CVSS 6.1
CVE-2025-5092 MEDIUM
LightGallery WP <1.0.5 - Authenticated Stored Cross-Site Scripting via lightGallery Library
CVSS 6.4
CVE-2025-13469 LOW
Public Knowledge Project omp/ojs <3.5.0 - XSS
CVSS 2.4
CVE-2025-13450 LOW
SourceCodester Online Shop Project 1.0 - Cross-Site Scripting via f_name Parameter
CVSS 3.5
CVE-2025-0643 HIGH
Pyxis Signage <= 31012025 - Stored Cross-Site Scripting
CVSS 7.2
CVE-2025-13415 LOW
easyimages2.0 < 2.8.6 - Cross-Site Scripting via SVG Image Handler File Parameter
CVSS 3.5
CVE-2025-11884 LOW
OpenText uCMDB 24.4 - Stored Cross-Site Scripting
CVE-2025-13412 LOW
Campcodes Retro Basketball Shoes Online Store 1.0 - Cross-Site Scripting via product_name Argument
CVSS 2.4