CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,028 vulnerabilities with CWE-79
CVE-2025-64495
HIGH
Open WebUI < 0.6.35 - Stored Cross-Site Scripting via Rich Text Prompt Insertion
CVSS 8.7
CVE-2025-64491
MEDIUM
SuiteCRM < 7.14.8 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-63420
MEDIUM
CrushFTP 11.0.1-11.3.7_57 - Stored Cross-Site Scripting in Admin Panel Reports
CVSS 4.1
CVE-2025-64442
MEDIUM
HumHub < 1.17.4 - Stored Cross-Site Scripting in Meta-Search Feature
CVSS 6.1
CVE-2025-63544
MEDIUM
TechStore 1.0 - Cross-Site Scripting via Order Notes ID Parameter
CVSS 6.1
CVE-2025-63543
MEDIUM
TechStore 1.0 - Cross-Site Scripting via Search Results q Parameter
CVSS 6.1
CVE-2025-63640
MEDIUM
SourceCodester Medicine Reminder App v1.0 - XSS
CVSS 6.1
CVE-2025-63639
MEDIUM
SourceCodester FAQ Bot with AI Assistant v1.0 - XSS
CVSS 6.1
CVE-2025-63638
MEDIUM
SourceCodester AI-Powered To-Do List App v1.0 - XSS
CVSS 6.1
CVE-2025-61261
MEDIUM
CKEditor v46.1.0 & Angular v18.0.0 - XSS
CVSS 5.4
CVE-2025-36135
MEDIUM
IBM Sterling B2B Integrator & File Gateway 6.0.0.0-6.1.2.7_1, 6.2.0.0-6.2.0.5, 6.2.1.0 - Stored XSS
CVSS 5.4
CVE-2025-63714
MEDIUM
SourceCodester User Account Generator 1.0 - XSS
CVSS 6.1
CVE-2025-63713
MEDIUM
SourceCodester MatchMaster 1.0 - XSS
CVSS 6.1
CVE-2025-63785
MEDIUM
Onlook 0.2.32 - DOM-based Cross-Site Scripting in Text Editor via innerHTML Injection
CVSS 6.1
CVE-2025-58465
MEDIUM
Download Station <5.10.0.304-5.10.0.305 - XSS
CVSS 5.4
CVE-2025-57706
MEDIUM
QNAP File Station 5.5.6.4691-5.5.6.5017 - Authenticated Cross-Site Scripting
CVSS 5.4
CVE-2025-54168
MEDIUM
QuLog Center 1.8.0.872-1.8.2.923 - Authenticated Cross-Site Scripting
CVSS 4.8
CVE-2025-54167
HIGH
Notification Center <2.1.0.3443, <1.9.2.3163, <3.0.0.3466 - XSS
CVE-2025-64339
MEDIUM
ClipBucket 5.3-5.5.2-146 - Authenticated Stored Cross-Site Scripting via Playlist Name Field
CVSS 5.4
CVE-2025-12520
MEDIUM
WP Airbnb Review Slider <= 4.2 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.0
CVE-2025-64338
CRITICAL
ClipBucket 5.5.2-#156 and below - Authenticated Stored Cross-Site Scripting via Photo Collection Name
CVSS 9.0
CVE-2025-64336
MEDIUM
ClipBucket 5.3-5.5.2-146 - Authenticated Stored Cross-Site Scripting via Photo Title
CVSS 5.4
CVE-2025-52662
MEDIUM
Nuxt DevTools < 2.6.4 - Cross-Site Scripting via Auth Token Extraction
CVSS 6.9
CVE-2025-64302
MEDIUM
Advantech DeviceOn iEdge < 2.0.2 - Cross-Site Scripting via Dashboard Label or Path
CVSS 6.4
CVE-2025-64177
MEDIUM
ThinkDashboard < 0.6.8 - Stored Cross-Site Scripting via Malicious Bookmark
CVSS 5.4
Details
Vulnerabilities: 45,028
Exploit Likelihood: High