CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,028 vulnerabilities with CWE-79
CVE-2025-64495 HIGH
Open WebUI < 0.6.35 - Stored Cross-Site Scripting via Rich Text Prompt Insertion
CVSS 8.7
CVE-2025-64491 MEDIUM
SuiteCRM < 7.14.8 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-63420 MEDIUM
CrushFTP 11.0.1-11.3.7_57 - Stored Cross-Site Scripting in Admin Panel Reports
CVSS 4.1
CVE-2025-64442 MEDIUM
HumHub < 1.17.4 - Stored Cross-Site Scripting in Meta-Search Feature
CVSS 6.1
CVE-2025-63544 MEDIUM
TechStore 1.0 - Cross-Site Scripting via Order Notes ID Parameter
CVSS 6.1
CVE-2025-63543 MEDIUM
TechStore 1.0 - Cross-Site Scripting via Search Results q Parameter
CVSS 6.1
CVE-2025-63640 MEDIUM
SourceCodester Medicine Reminder App v1.0 - XSS
CVSS 6.1
CVE-2025-63639 MEDIUM
SourceCodester FAQ Bot with AI Assistant v1.0 - XSS
CVSS 6.1
CVE-2025-63638 MEDIUM
SourceCodester AI-Powered To-Do List App v1.0 - XSS
CVSS 6.1
CVE-2025-61261 MEDIUM
CKEditor v46.1.0 & Angular v18.0.0 - XSS
CVSS 5.4
CVE-2025-36135 MEDIUM
IBM Sterling B2B Integrator & File Gateway 6.0.0.0-6.1.2.7_1, 6.2.0.0-6.2.0.5, 6.2.1.0 - Stored XSS
CVSS 5.4
CVE-2025-63714 MEDIUM
SourceCodester User Account Generator 1.0 - XSS
CVSS 6.1
CVE-2025-63713 MEDIUM
SourceCodester MatchMaster 1.0 - XSS
CVSS 6.1
CVE-2025-63785 MEDIUM
Onlook 0.2.32 - DOM-based Cross-Site Scripting in Text Editor via innerHTML Injection
CVSS 6.1
CVE-2025-58465 MEDIUM
Download Station <5.10.0.304-5.10.0.305 - XSS
CVSS 5.4
CVE-2025-57706 MEDIUM
QNAP File Station 5.5.6.4691-5.5.6.5017 - Authenticated Cross-Site Scripting
CVSS 5.4
CVE-2025-54168 MEDIUM
QuLog Center 1.8.0.872-1.8.2.923 - Authenticated Cross-Site Scripting
CVSS 4.8
CVE-2025-54167 HIGH
Notification Center <2.1.0.3443, <1.9.2.3163, <3.0.0.3466 - XSS
CVE-2025-64339 MEDIUM
ClipBucket 5.3-5.5.2-146 - Authenticated Stored Cross-Site Scripting via Playlist Name Field
CVSS 5.4
CVE-2025-12520 MEDIUM
WP Airbnb Review Slider <= 4.2 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.0
CVE-2025-64338 CRITICAL
ClipBucket 5.5.2-#156 and below - Authenticated Stored Cross-Site Scripting via Photo Collection Name
CVSS 9.0
CVE-2025-64336 MEDIUM
ClipBucket 5.3-5.5.2-146 - Authenticated Stored Cross-Site Scripting via Photo Title
CVSS 5.4
CVE-2025-52662 MEDIUM
Nuxt DevTools < 2.6.4 - Cross-Site Scripting via Auth Token Extraction
CVSS 6.9
CVE-2025-64302 MEDIUM
Advantech DeviceOn iEdge < 2.0.2 - Cross-Site Scripting via Dashboard Label or Path
CVSS 6.4
CVE-2025-64177 MEDIUM
ThinkDashboard < 0.6.8 - Stored Cross-Site Scripting via Malicious Bookmark
CVSS 5.4