CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,022 vulnerabilities with CWE-79
CVE-2025-11868
MEDIUM
everviz <= 1.1 - Authenticated Stored XSS via Shortcode Attributes
CVSS 6.4
CVE-2025-64758
MEDIUM
DependencyTrack frontend 4.12.0-4.13.5 - Stored Cross-Site Scripting in Welcome Message
CVSS 4.8
CVE-2025-55059
MEDIUM
Maxum Rumpus - Cross-Site Scripting
CVSS 4.8
CVE-2025-55056
MEDIUM
Maxum Rumpus - Cross-Site Scripting
CVSS 4.8
CVE-2025-64046
MEDIUM
OpenRapid RapidCMS 1.3.1 - Cross-Site Scripting in /system/update-run.php
CVSS 6.1
CVE-2025-63708
MEDIUM
SourceCodester AI Font Matcher - XSS
CVSS 6.1
CVE-2025-40834
MEDIUM
Mendix RichText 4.0.0-4.6.0 - Cross-Site Scripting
CVSS 5.7
CVE-2025-13245
LOW
Student Information System 2.0 - Cross-Site Scripting in /editprofile.php
CVSS 3.5
CVE-2025-13244
MEDIUM
Student Information System 2.0 - Cross-Site Scripting in /register.php
CVSS 4.3
CVE-2025-13232
LOW
ProjectSend < r1720 - Cross-Site Scripting in File Editor/Custom Download Aliases
CVSS 3.5
CVE-2025-13202
LOW
Simple Cafe Ordering System 1.0 - Cross-Site Scripting via product_name Parameter
CVSS 3.5
CVE-2025-13186
LOW
bdtask isshue < 4.0 - Cross-Site Scripting via Search Argument in Customer Management
CVSS 2.4
CVE-2025-13182
LOW
h3blog 1.0 - Cross-Site Scripting via Title Parameter in Category Add Function
CVSS 3.5
CVE-2025-13181
LOW
h3blog 1.0 - Cross-Site Scripting via Name Argument in /admin/cms/material/add
CVSS 3.5
CVE-2025-13180
LOW
Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System < 20250320 - Cross-Site Scripting
CVSS 3.5
CVE-2025-13178
LOW
Bdtask SalesERP < 2025-10-24 - Cross-Site Scripting via User Profile Handler
CVSS 3.5
CVE-2025-63830
MEDIUM
CKFinder 1.4.3 - Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2025-63725
MEDIUM
SVX Portal 2.7A - Reflected Cross-Site Scripting via id Parameter
CVSS 6.1
CVE-2025-10018
MEDIUM
QuickCMS 6.8 - Authenticated Stored Cross-Site Scripting in Language Editor
CVSS 4.8
CVE-2025-13097
MEDIUM
Google Chrome < 136.0.7103.59 - Sandbox Escape via DevTools
CVSS 5.4
CVE-2025-12904
HIGH
SNORDIAN's H5PxAPIkatchu <= 0.4.17 - Unauthenticated Stored Cross-Site Scripting via insert_data AJAX Endpoint
CVSS 7.2
CVE-2025-64747
MEDIUM
Directus < 11.13.0 - Stored Cross-Site Scripting via Block Editor Interface
CVSS 5.5
CVE-2025-64745
LOW
Astro 5.2.0-5.15.6 - Reflected Cross-Site Scripting via Development Server Error Pages
CVSS 2.7
CVE-2025-64744
LOW
OpenObserve <= 0.16.1 - Stored Cross-Site Scripting in Organization Name
CVSS 3.5
CVE-2025-59840
HIGH
Vega < 6.2.0 - Remote Code Execution via User-Defined JSON Definitions
CVSS 8.1
Details
Vulnerabilities: 45,022
Exploit Likelihood: High