CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,022 vulnerabilities with CWE-79
CVE-2025-20353 MEDIUM
Cisco Catalyst Center < 2.3.7.10 - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-62482 MEDIUM
Zoom Workplace Desktop < 6.5.10 - Unauthenticated Cross-Site Scripting
CVSS 4.3
CVE-2025-40681 MEDIUM
xCally Omnichannel 3.30.1 - Reflected Cross-Site Scripting via Login Failure Message Parameter
CVE-2025-64383 MEDIUM
Qi Blocks <= 1.4.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-64381 MEDIUM
wpdevelop Booking Calendar <10.14.7 - XSS
CVSS 6.5
CVE-2025-64380 MEDIUM
Booster for WooCommerce <= 7.3.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-64292 MEDIUM
PascalBajorat Analytics <1.6.2 - XSS
CVSS 6.5
CVE-2025-64275 MEDIUM
Booking Manager <= 2.1.17 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-64264 MEDIUM
Popup addon for Ninja Forms <3.5.1 - XSS
CVSS 5.9
CVE-2025-8397 MEDIUM
Save as PDF Button <= 1.9.2 - Authenticated Stored Cross-Site Scripting via restpackpdfbutton Shortcode
CVSS 6.4
CVE-2025-11769 MEDIUM
WordPress Content Flipper <0.1 - XSS
CVSS 6.4
CVE-2025-10295 MEDIUM
Angel - Fashion Model Agency WordPress CMS Theme <3.2.3 - XSS
CVSS 6.4
CVE-2025-64716 MEDIUM
Anubis < 1.23.0 - Open Redirect via Subrequest Authentication
CVE-2025-64711 LOW
PrivateBin 1.7.7-2.0.3 - Self Cross-Site Scripting via Drag-and-Drop Filename
CVSS 3.9
CVE-2025-64710 MEDIUM
Bitplatform Boilerplate <9.11.3 - XSS
CVE-2025-63645 MEDIUM
pH7Software pH7-Social-Dating-CMS 17.9.1 - XSS
CVSS 5.4
CVE-2025-13058 LOW
extplorer < 2.1.15 - Cross-Site Scripting in Filename Handler
CVSS 3.5
CVE-2025-60646 MEDIUM
xxl-api < 1.3.0 - Stored Cross-Site Scripting via Business Line Name Parameter
CVSS 6.1
CVE-2025-63419 MEDIUM
CrushFTP < 11.3.7_60 - Cross-Site Scripting via File Share Email Body
CVSS 6.1
CVE-2025-59491 MEDIUM
CentralSquare Community Development 19.5.7 - Cross-Site Scripting via Form Fields
CVSS 6.1
CVE-2025-52331 MEDIUM
WinRAR 7.11 - Cross-Site Scripting in Generate Report Functionality
CVSS 6.1
CVE-2025-11994 HIGH
Easy Email Subscription <= 1.3 - Unauthenticated Stored Cross-Site Scripting via Name Parameter
CVSS 7.2
CVE-2025-61623 MEDIUM
Apache OFBiz < 24.09.03 - Reflected Cross-Site Scripting
CVSS 6.5
CVE-2025-11962 HIGH
DivvyDrive Digital Corporate Warehouse <4.8.2.22 - XSS
CVSS 7.3
CVE-2025-12872 MEDIUM
aEnrich a+HRD <7.5 and a+HCM >=8.1 <8.1 - Authenticated Stored Cross-Site Scripting via File Upload
CVSS 5.4