CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,022 vulnerabilities with CWE-79
CVE-2025-11868 MEDIUM
everviz <= 1.1 - Authenticated Stored XSS via Shortcode Attributes
CVSS 6.4
CVE-2025-64758 MEDIUM
DependencyTrack frontend 4.12.0-4.13.5 - Stored Cross-Site Scripting in Welcome Message
CVSS 4.8
CVE-2025-55059 MEDIUM
Maxum Rumpus - Cross-Site Scripting
CVSS 4.8
CVE-2025-55056 MEDIUM
Maxum Rumpus - Cross-Site Scripting
CVSS 4.8
CVE-2025-64046 MEDIUM
OpenRapid RapidCMS 1.3.1 - Cross-Site Scripting in /system/update-run.php
CVSS 6.1
CVE-2025-63708 MEDIUM
SourceCodester AI Font Matcher - XSS
CVSS 6.1
CVE-2025-40834 MEDIUM
Mendix RichText 4.0.0-4.6.0 - Cross-Site Scripting
CVSS 5.7
CVE-2025-13245 LOW
Student Information System 2.0 - Cross-Site Scripting in /editprofile.php
CVSS 3.5
CVE-2025-13244 MEDIUM
Student Information System 2.0 - Cross-Site Scripting in /register.php
CVSS 4.3
CVE-2025-13232 LOW
ProjectSend < r1720 - Cross-Site Scripting in File Editor/Custom Download Aliases
CVSS 3.5
CVE-2025-13202 LOW
Simple Cafe Ordering System 1.0 - Cross-Site Scripting via product_name Parameter
CVSS 3.5
CVE-2025-13186 LOW
bdtask isshue < 4.0 - Cross-Site Scripting via Search Argument in Customer Management
CVSS 2.4
CVE-2025-13182 LOW
h3blog 1.0 - Cross-Site Scripting via Title Parameter in Category Add Function
CVSS 3.5
CVE-2025-13181 LOW
h3blog 1.0 - Cross-Site Scripting via Name Argument in /admin/cms/material/add
CVSS 3.5
CVE-2025-13180 LOW
Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System < 20250320 - Cross-Site Scripting
CVSS 3.5
CVE-2025-13178 LOW
Bdtask SalesERP < 2025-10-24 - Cross-Site Scripting via User Profile Handler
CVSS 3.5
CVE-2025-63830 MEDIUM
CKFinder 1.4.3 - Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2025-63725 MEDIUM
SVX Portal 2.7A - Reflected Cross-Site Scripting via id Parameter
CVSS 6.1
CVE-2025-10018 MEDIUM
QuickCMS 6.8 - Authenticated Stored Cross-Site Scripting in Language Editor
CVSS 4.8
CVE-2025-13097 MEDIUM
Google Chrome < 136.0.7103.59 - Sandbox Escape via DevTools
CVSS 5.4
CVE-2025-12904 HIGH
SNORDIAN's H5PxAPIkatchu <= 0.4.17 - Unauthenticated Stored Cross-Site Scripting via insert_data AJAX Endpoint
CVSS 7.2
CVE-2025-64747 MEDIUM
Directus < 11.13.0 - Stored Cross-Site Scripting via Block Editor Interface
CVSS 5.5
CVE-2025-64745 LOW
Astro 5.2.0-5.15.6 - Reflected Cross-Site Scripting via Development Server Error Pages
CVSS 2.7
CVE-2025-64744 LOW
OpenObserve <= 0.16.1 - Stored Cross-Site Scripting in Organization Name
CVSS 3.5
CVE-2025-59840 HIGH
Vega < 6.2.0 - Remote Code Execution via User-Defined JSON Definitions
CVSS 8.1