CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,022 vulnerabilities with CWE-79
CVE-2025-60737
MEDIUM
Ilevia EVE X1 Server <=4.7.18.0.eden-6.00 - XSS
CVSS 6.1
CVE-2025-64984
MEDIUM
Kaspersky Endpoint Security - Reflected Cross-Site Scripting via Phishing
CVSS 6.1
CVE-2025-60796
MEDIUM
phppgadmin < 7.13.0 - Cross-Site Scripting via $_REQUEST Parameter Reflection
CVSS 6.1
CVE-2025-5092
MEDIUM
LightGallery WP <1.0.5 - Authenticated Stored Cross-Site Scripting via lightGallery Library
CVSS 6.4
CVE-2025-13469
LOW
Public Knowledge Project omp/ojs <3.5.0 - XSS
CVSS 2.4
CVE-2025-13450
LOW
SourceCodester Online Shop Project 1.0 - Cross-Site Scripting via f_name Parameter
CVSS 3.5
CVE-2025-0643
HIGH
Pyxis Signage <= 31012025 - Stored Cross-Site Scripting
CVSS 7.2
CVE-2025-13415
LOW
easyimages2.0 < 2.8.6 - Cross-Site Scripting via SVG Image Handler File Parameter
CVSS 3.5
CVE-2025-11884
LOW
OpenText uCMDB 24.4 - Stored Cross-Site Scripting
CVE-2025-13412
LOW
Campcodes Retro Basketball Shoes Online Store 1.0 - Cross-Site Scripting via product_name Argument
CVSS 2.4
CVE-2025-51662
MEDIUM
FileCodeBox < 2.2 - Stored Cross-Site Scripting in Text Sharing Feature
CVSS 5.4
CVE-2025-63211
MEDIUM
Bridgetech VBC Server & Element Manager <6.5.0-10 - XSS
CVSS 6.1
CVE-2025-65095
CRITICAL
Lookyloo < 1.35.1 - Cross-Site Scripting on Index and Tree Pages
CVE-2025-65026
MEDIUM
esm.sh < 136 - Remote Code Execution via CSS Module Conversion Template Literal Injection
CVSS 6.1
CVE-2025-65019
MEDIUM
Astro < 5.15.9 - Cross-Site Scripting via Cloudflare Image Optimization Endpoint
CVSS 5.4
CVE-2025-63879
MEDIUM
php-ecommerce-project 1.0 and earlier - Reflected Cross-Site Scripting via id Parameter
CVSS 6.1
CVE-2025-63243
MEDIUM
Pixeon WebLaudos 25.1 (01) - Reflected Cross-Site Scripting via sle_sSenha Parameter
CVSS 4.6
CVE-2025-11963
MEDIUM
StarCities < 1.1.61 - Reflected Cross-Site Scripting
CVSS 5.4
CVE-2025-13206
HIGH
GiveWP <= 4.13.0 - Unauthenticated Stored XSS via Name Parameter
CVSS 7.2
CVE-2025-12484
HIGH
RafflePress < 1.12.19 - Unauthenticated Stored XSS via Social Media Username
CVSS 7.2
CVE-2025-13054
MEDIUM
User Profile Builder < 3.14.8 - Authenticated Stored Cross-Site Scripting via wppb-embed Shortcode
CVSS 6.4
CVE-2025-12878
MEDIUM
FunnelKit - WooCommerce Checkout <3.13.1.2 - XSS
CVSS 6.4
CVE-2025-12710
MEDIUM
Pet-Manager - Petfinder <3.6.1 - XSS
CVSS 6.4
CVE-2025-6251
MEDIUM
Royal Elementor Addons & Templates <1.7.1036 - XSS
CVSS 6.4
CVE-2025-65013
MEDIUM
LibreNMS < 25.11.0 - Reflected Cross-Site Scripting via Image Name Parameter
CVSS 6.2
Details
Vulnerabilities: 45,022
Exploit Likelihood: High