CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,022 vulnerabilities with CWE-79
CVE-2025-20353
MEDIUM
Cisco Catalyst Center < 2.3.7.10 - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-62482
MEDIUM
Zoom Workplace Desktop < 6.5.10 - Unauthenticated Cross-Site Scripting
CVSS 4.3
CVE-2025-40681
MEDIUM
xCally Omnichannel 3.30.1 - Reflected Cross-Site Scripting via Login Failure Message Parameter
CVE-2025-64383
MEDIUM
Qi Blocks <= 1.4.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-64381
MEDIUM
wpdevelop Booking Calendar <10.14.7 - XSS
CVSS 6.5
CVE-2025-64380
MEDIUM
Booster for WooCommerce <= 7.3.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-64292
MEDIUM
PascalBajorat Analytics <1.6.2 - XSS
CVSS 6.5
CVE-2025-64275
MEDIUM
Booking Manager <= 2.1.17 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-64264
MEDIUM
Popup addon for Ninja Forms <3.5.1 - XSS
CVSS 5.9
CVE-2025-8397
MEDIUM
Save as PDF Button <= 1.9.2 - Authenticated Stored Cross-Site Scripting via restpackpdfbutton Shortcode
CVSS 6.4
CVE-2025-11769
MEDIUM
WordPress Content Flipper <0.1 - XSS
CVSS 6.4
CVE-2025-10295
MEDIUM
Angel - Fashion Model Agency WordPress CMS Theme <3.2.3 - XSS
CVSS 6.4
CVE-2025-64716
MEDIUM
Anubis < 1.23.0 - Open Redirect via Subrequest Authentication
CVE-2025-64711
LOW
PrivateBin 1.7.7-2.0.3 - Self Cross-Site Scripting via Drag-and-Drop Filename
CVSS 3.9
CVE-2025-64710
MEDIUM
Bitplatform Boilerplate <9.11.3 - XSS
CVE-2025-63645
MEDIUM
pH7Software pH7-Social-Dating-CMS 17.9.1 - XSS
CVSS 5.4
CVE-2025-13058
LOW
extplorer < 2.1.15 - Cross-Site Scripting in Filename Handler
CVSS 3.5
CVE-2025-60646
MEDIUM
xxl-api < 1.3.0 - Stored Cross-Site Scripting via Business Line Name Parameter
CVSS 6.1
CVE-2025-63419
MEDIUM
CrushFTP < 11.3.7_60 - Cross-Site Scripting via File Share Email Body
CVSS 6.1
CVE-2025-59491
MEDIUM
CentralSquare Community Development 19.5.7 - Cross-Site Scripting via Form Fields
CVSS 6.1
CVE-2025-52331
MEDIUM
WinRAR 7.11 - Cross-Site Scripting in Generate Report Functionality
CVSS 6.1
CVE-2025-11994
HIGH
Easy Email Subscription <= 1.3 - Unauthenticated Stored Cross-Site Scripting via Name Parameter
CVSS 7.2
CVE-2025-61623
MEDIUM
Apache OFBiz < 24.09.03 - Reflected Cross-Site Scripting
CVSS 6.5
CVE-2025-11962
HIGH
DivvyDrive Digital Corporate Warehouse <4.8.2.22 - XSS
CVSS 7.3
CVE-2025-12872
MEDIUM
aEnrich a+HRD <7.5 and a+HCM >=8.1 <8.1 - Authenticated Stored Cross-Site Scripting via File Upload
CVSS 5.4
Details
Vulnerabilities
45,022
Exploit Likelihood
High