CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,022 vulnerabilities with CWE-79
CVE-2025-12869
MEDIUM
a+HRD < 7.5 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2025-12018
MEDIUM
MembershipWorks - WordPress <6.14 - XSS
CVSS 4.4
CVE-2025-62211
HIGH
Dynamics 365 Field Service < 8.8.139.398 - Cross-Site Scripting
CVSS 8.7
CVE-2025-62210
HIGH
Dynamics 365 Field Service < 8.8.139.398 - Authenticated Cross-Site Scripting
CVSS 8.7
CVE-2025-9227
MEDIUM
Zohocorp ManageEngine OpManager <128609 - XSS
CVSS 6.5
CVE-2025-12101
MEDIUM
NetScaler ADC/NetScaler Gateway - XSS
CVE-2025-41106
MEDIUM
Fairsketch RISE Ultimate Project Manager < 3.9 - Cross-Site Scripting via First Name Parameter
CVSS 5.4
CVE-2025-41105
MEDIUM
Fairsketch RISE Ultimate Project Manager < 3.9 - Stored Cross-Site Scripting via Tickets Title Parameter
CVSS 5.4
CVE-2025-41104
MEDIUM
Fairsketch RISE Ultimate Project Manager < 3.9 - Stored Cross-Site Scripting via Estimate Request Custom Field
CVSS 5.4
CVE-2025-41103
MEDIUM
Fairsketch RISE Ultimate Project Manager < 3.9 - Stored Cross-Site Scripting via Reply Message Parameter
CVSS 5.4
CVE-2025-41102
MEDIUM
Fairsketch RISE CRM Framework < 3.9 - Cross-Site Scripting via Events Title Parameter
CVSS 5.4
CVE-2025-41101
MEDIUM
rise_ultimate_project_manager < 3.9 - Stored Cross-Site Scripting via Project Title Parameter
CVSS 5.4
CVE-2025-11960
MEDIUM
Aryom Software High Technology Systems Inc. KVKNET <2.1.8 - XSS
CVSS 6.1
CVE-2025-7633
HIGH
Zohocorp ManageEngine Exchange Reporter Plus <5.723 - XSS
CVSS 7.3
CVE-2025-7632
HIGH
Zohocorp ManageEngine Exchange Reporter Plus <5.723 - XSS
CVSS 7.3
CVE-2025-7430
HIGH
Zohocorp ManageEngine Exchange Reporter Plus <5.723 - XSS
CVSS 7.3
CVE-2025-7429
HIGH
Zohocorp ManageEngine Exchange Reporter Plus <5.723 - XSS
CVSS 7.3
CVE-2025-12880
MEDIUM
Progress Bar Blocks for Gutenberg <1.0.0 - XSS
CVSS 5.4
CVE-2025-12754
MEDIUM
Geopost < 1.2 - Authenticated Stored Cross-Site Scripting via Height Parameter
CVSS 6.4
CVE-2025-12711
MEDIUM
WordPress Share to Google Classroom <1.0 - XSS
CVSS 6.4
CVE-2025-12672
MEDIUM
Flickr Show <= 1.5 - Authenticated Stored Cross-Site Scripting via div_height Parameter
CVSS 6.4
CVE-2025-12671
MEDIUM
WP-Iconics <= 0.0.4 - Authenticated Stored Cross-Site Scripting via Shortcode Parameters
CVSS 6.4
CVE-2025-12668
MEDIUM
WP Count Down Timer <= 1.0.1 - Authenticated Stored Cross-Site Scripting via Shortcode Parameters
CVSS 6.4
CVE-2025-12667
MEDIUM
GitHub Gist Shortcode Plugin <0.3 - XSS
CVSS 6.4
CVE-2025-12663
MEDIUM
Jeba Cute forkit <= 1.0 - Authenticated Stored Cross-Site Scripting via 'text' Parameter
CVSS 6.4
Details
Vulnerabilities
45,022
Exploit Likelihood
High