CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,022 vulnerabilities with CWE-79
CVE-2025-60737 MEDIUM
Ilevia EVE X1 Server <=4.7.18.0.eden-6.00 - XSS
CVSS 6.1
CVE-2025-64984 MEDIUM
Kaspersky Endpoint Security - Reflected Cross-Site Scripting via Phishing
CVSS 6.1
CVE-2025-60796 MEDIUM
phppgadmin < 7.13.0 - Cross-Site Scripting via $_REQUEST Parameter Reflection
CVSS 6.1
CVE-2025-5092 MEDIUM
LightGallery WP <1.0.5 - Authenticated Stored Cross-Site Scripting via lightGallery Library
CVSS 6.4
CVE-2025-13469 LOW
Public Knowledge Project omp/ojs <3.5.0 - XSS
CVSS 2.4
CVE-2025-13450 LOW
SourceCodester Online Shop Project 1.0 - Cross-Site Scripting via f_name Parameter
CVSS 3.5
CVE-2025-0643 HIGH
Pyxis Signage <= 31012025 - Stored Cross-Site Scripting
CVSS 7.2
CVE-2025-13415 LOW
easyimages2.0 < 2.8.6 - Cross-Site Scripting via SVG Image Handler File Parameter
CVSS 3.5
CVE-2025-11884 LOW
OpenText uCMDB 24.4 - Stored Cross-Site Scripting
CVE-2025-13412 LOW
Campcodes Retro Basketball Shoes Online Store 1.0 - Cross-Site Scripting via product_name Argument
CVSS 2.4
CVE-2025-51662 MEDIUM
FileCodeBox < 2.2 - Stored Cross-Site Scripting in Text Sharing Feature
CVSS 5.4
CVE-2025-63211 MEDIUM
Bridgetech VBC Server & Element Manager <6.5.0-10 - XSS
CVSS 6.1
CVE-2025-65095 CRITICAL
Lookyloo < 1.35.1 - Cross-Site Scripting on Index and Tree Pages
CVE-2025-65026 MEDIUM
esm.sh < 136 - Remote Code Execution via CSS Module Conversion Template Literal Injection
CVSS 6.1
CVE-2025-65019 MEDIUM
Astro < 5.15.9 - Cross-Site Scripting via Cloudflare Image Optimization Endpoint
CVSS 5.4
CVE-2025-63879 MEDIUM
php-ecommerce-project 1.0 and earlier - Reflected Cross-Site Scripting via id Parameter
CVSS 6.1
CVE-2025-63243 MEDIUM
Pixeon WebLaudos 25.1 (01) - Reflected Cross-Site Scripting via sle_sSenha Parameter
CVSS 4.6
CVE-2025-11963 MEDIUM
StarCities < 1.1.61 - Reflected Cross-Site Scripting
CVSS 5.4
CVE-2025-13206 HIGH
GiveWP <= 4.13.0 - Unauthenticated Stored XSS via Name Parameter
CVSS 7.2
CVE-2025-12484 HIGH
RafflePress < 1.12.19 - Unauthenticated Stored XSS via Social Media Username
CVSS 7.2
CVE-2025-13054 MEDIUM
User Profile Builder < 3.14.8 - Authenticated Stored Cross-Site Scripting via wppb-embed Shortcode
CVSS 6.4
CVE-2025-12878 MEDIUM
FunnelKit - WooCommerce Checkout <3.13.1.2 - XSS
CVSS 6.4
CVE-2025-12710 MEDIUM
Pet-Manager - Petfinder <3.6.1 - XSS
CVSS 6.4
CVE-2025-6251 MEDIUM
Royal Elementor Addons & Templates <1.7.1036 - XSS
CVSS 6.4
CVE-2025-65013 MEDIUM
LibreNMS < 25.11.0 - Reflected Cross-Site Scripting via Image Name Parameter
CVSS 6.2