CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,028 vulnerabilities with CWE-79
CVE-2025-11268 MEDIUM
Strong Testimonials <= 3.2.16 - Unauthenticated Arbitrary Shortcode Execution via Testimonial Submission
CVSS 4.3
CVE-2025-12471 MEDIUM
Hubbub Lite < 1.36.0 - Unauthenticated Reflected Cross-Site Scripting via dpsp_list_attention_search Parameter
CVSS 6.1
CVE-2025-61994 MEDIUM
GROWI < 7.2.10 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-10853 MEDIUM
WSO2 API Control Plane - Reflected Cross-Site Scripting via Management Console Parameters
CVSS 5.2
CVE-2025-63418 MEDIUM
SelfBest 2023.3 - DOM-based Cross-Site Scripting via Browser Console Injection
CVSS 6.1
CVE-2025-63417 HIGH
SelfBest 2023.3 - Authenticated Stored Cross-Site Scripting via Chat Message Input
CVSS 7.2
CVE-2025-63416 CRITICAL
SelfBest 2023.3 - Authenticated Stored Cross-Site Scripting in Chat Functionality
CVSS 9.1
CVE-2025-5770 MEDIUM
WSO2 API Control Plane and API Manager - Reflected Cross-Site Scripting in Authentication Endpoints
CVSS 6.1
CVE-2025-55341 MEDIUM
Quipux 4.0.1-e1774ac - Cross-Site Scripting via anexos/anexos_nuevo.php asocImgRad
CVSS 6.5
CVE-2025-57244 MEDIUM
OpenKM Community Edition 6.3.12 - Stored Cross-Site Scripting via User Account Creation Interface
CVSS 5.4
CVE-2025-20304 MEDIUM
Cisco Identity Services Engine - Authenticated Reflected Cross-Site Scripting
CVSS 5.4
CVE-2025-20303 MEDIUM
Cisco Identity Services Engine - Authenticated Reflected Cross-Site Scripting
CVSS 5.4
CVE-2025-20289 MEDIUM
Cisco Identity Services Engine - Authenticated Reflected Cross-Site Scripting
CVSS 4.8
CVE-2025-11820 MEDIUM
Graphina - Elementor Charts and Graphs <3.1.8 - XSS
CVSS 6.4
CVE-2025-11162 MEDIUM
Spectra Gutenberg Blocks - Website Builder <2.19.14 - XSS
CVSS 6.4
CVE-2025-12580 MEDIUM
SMS for WordPress <= 1.1.8 - Unauthenticated Reflected Cross-Site Scripting via Paged Parameter
CVSS 6.1
CVE-2025-62722 MEDIUM
LinkAce < 2.4.0 - Authenticated Stored Cross-Site Scripting via Link Title Field
CVSS 5.4
CVE-2025-62715 MEDIUM
ClipBucket 5.3-5.5.2-147 - Authenticated Stored Cross-Site Scripting in Collection Tags
CVSS 5.4
CVE-2025-48884 MEDIUM
Galette < 1.2.0 - Cross-Site Scripting in Document Type
CVSS 6.1
CVE-2025-48076 MEDIUM
Galette < 1.2.0 - Stored Cross-Site Scripting via Group Name Edit
CVSS 5.4
CVE-2025-61431 MEDIUM
Zucchetti ZMaintenance Infinity <v4.1 - XSS
CVSS 6.1
CVE-2025-12184 MEDIUM
MeetingList <= 0.11 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-12045 MEDIUM
Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, ...
CVSS 6.4
CVE-2025-12396 MEDIUM
clubmember <= 0.2 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-12393 MEDIUM
Free Quotation <= 3.1.6 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4