CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,022 vulnerabilities with CWE-79
CVE-2025-65012 MEDIUM
Kirby 5.0.0-5.1.3 - Stored Cross-Site Scripting via Page Title or Username
CVSS 5.4
CVE-2025-64325 CRITICAL
Emby Server <4.8.1.0-4.9.0.0-beta - Info Disclosure
CVSS 9.0
CVE-2025-63229 MEDIUM
Mozart FM Transmitter WEBMOZZI-00287 - XSS
CVSS 5.4
CVE-2025-63514 MEDIUM
kishan0725 Hospital Management System - XSS
CVSS 6.1
CVE-2025-56526 MEDIUM
Kotaemon < 0.11.0 - Stored Cross-Site Scripting via PDF Content Rendering
CVSS 6.1
CVE-2025-12761 LOW
Drupal Simple Multi Step Form <2.0.0 - XSS
CVSS 3.5
CVE-2025-63892 MEDIUM
SourceCodester Student Grades Management System 1.0 - XSS
CVSS 6.8
CVE-2025-63883 MEDIUM
Bhabishya-123 E-commerce - DOM-based Cross-Site Scripting via Unsafe JavaScript Sinks
CVSS 5.4
CVE-2025-59117 MEDIUM
Windu CMS 4.1 - Authenticated Stored Cross-Site Scripting in Page Editing Endpoint
CVSS 4.8
CVE-2025-59115 MEDIUM
Windu CMS 4.1 - Stored Cross-Site Scripting in Logon Page
CVSS 5.4
CVE-2025-13349 LOW
SourceCodester Student Grades Management System 1.0 - Stored Cross-Site Scripting in Grades.php Remarks Field
CVSS 3.5
CVE-2025-41350 MEDIUM
WinPlus v24.11.27 - Stored Cross-Site Scripting via 'descripcion' Parameter
CVSS 5.4
CVE-2025-41349 MEDIUM
WinPlus v24.11.27 - Stored Cross-Site Scripting via Descripcion Parameter
CVSS 5.4
CVE-2025-13343 LOW
SourceCodester Interview Management System 1.0 - Cross-Site Scripting via Question Parameter in editQuestion.php
CVSS 3.5
CVE-2025-4212 HIGH
Checkout Files Upload for WooCommerce <= 2.2.1 - Unauthenticated Stored Cross-Site Scripting via File Upload
CVSS 7.2
CVE-2025-13196 MEDIUM
Element Pack Addons for Elementor <= 8.3.4 - Authenticated Stored XSS via Open Street Map Widget
CVSS 5.4
CVE-2025-12691 MEDIUM
Photonic Gallery & Lightbox <= 3.21 - Authenticated Stored XSS via Lightbox Caption
CVSS 6.4
CVE-2025-12457 MEDIUM
Enable SVG, WebP, and ICO Upload <= 1.1.2 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2025-12088 MEDIUM
Meta Display Block <= 1.0.0 - Authenticated Stored Cross-Site Scripting via Meta Display Block
CVSS 6.4
CVE-2025-12079 MEDIUM
WP Twitter Auto Publish <1.7.3 - XSS
CVSS 6.1
CVE-2025-8609 MEDIUM
RTMKit < 1.6.5 - Authenticated Stored Cross-Site Scripting via Accordion Block Attributes
CVSS 6.4
CVE-2025-8605 MEDIUM
Gutenify <= 1.5.9 - Authenticated Stored XSS via Block Attributes
CVSS 6.4
CVE-2025-26391 MEDIUM
SolarWinds Observability Self-Hosted < 2025.4.1 - Authenticated Stored Cross-Site Scripting in User-Created URL Fields
CVSS 5.4
CVE-2025-12823 MEDIUM
CSV to SortTable <= 4.2 - Authenticated Stored Cross-Site Scripting via CSV Shortcode
CVSS 6.4
CVE-2025-12078 MEDIUM
ArtiBot Free Chat Bot for WebSites <= 1.1.7 - Unauthenticated Reflected Cross-Site Scripting via PostMessage
CVSS 6.1