CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,048 vulnerabilities with CWE-79
CVE-2025-63417
HIGH
SelfBest 2023.3 - Authenticated Stored Cross-Site Scripting via Chat Message Input
CVSS 7.2
CVE-2025-63416
CRITICAL
SelfBest 2023.3 - Authenticated Stored Cross-Site Scripting in Chat Functionality
CVSS 9.1
CVE-2025-5770
MEDIUM
WSO2 API Control Plane and API Manager - Reflected Cross-Site Scripting in Authentication Endpoints
CVSS 6.1
CVE-2025-55341
MEDIUM
Quipux 4.0.1-e1774ac - Cross-Site Scripting via anexos/anexos_nuevo.php asocImgRad
CVSS 6.5
CVE-2025-57244
MEDIUM
OpenKM Community Edition 6.3.12 - Stored Cross-Site Scripting via User Account Creation Interface
CVSS 5.4
CVE-2025-20304
MEDIUM
Cisco Identity Services Engine - Authenticated Reflected Cross-Site Scripting
CVSS 5.4
CVE-2025-20303
MEDIUM
Cisco Identity Services Engine - Authenticated Reflected Cross-Site Scripting
CVSS 5.4
CVE-2025-20289
MEDIUM
Cisco Identity Services Engine - Authenticated Reflected Cross-Site Scripting
CVSS 4.8
CVE-2025-11820
MEDIUM
Graphina - Elementor Charts and Graphs <3.1.8 - XSS
CVSS 6.4
CVE-2025-11162
MEDIUM
Spectra Gutenberg Blocks - Website Builder <2.19.14 - XSS
CVSS 6.4
CVE-2025-12580
MEDIUM
SMS for WordPress <= 1.1.8 - Unauthenticated Reflected Cross-Site Scripting via Paged Parameter
CVSS 6.1
CVE-2025-62722
MEDIUM
LinkAce < 2.4.0 - Authenticated Stored Cross-Site Scripting via Link Title Field
CVSS 5.4
CVE-2025-62715
MEDIUM
ClipBucket 5.3-5.5.2-147 - Authenticated Stored Cross-Site Scripting in Collection Tags
CVSS 5.4
CVE-2025-48884
MEDIUM
Galette < 1.2.0 - Cross-Site Scripting in Document Type
CVSS 6.1
CVE-2025-48076
MEDIUM
Galette < 1.2.0 - Stored Cross-Site Scripting via Group Name Edit
CVSS 5.4
CVE-2025-61431
MEDIUM
Zucchetti ZMaintenance Infinity <v4.1 - XSS
CVSS 6.1
CVE-2025-12184
MEDIUM
MeetingList <= 0.11 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-12045
MEDIUM
Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, ...
CVSS 6.4
CVE-2025-12396
MEDIUM
clubmember <= 0.2 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-12393
MEDIUM
Free Quotation <= 3.1.6 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-12371
MEDIUM
Nari Accountant <= 1.0.12 - Authenticated Stored Cross-Site Scripting via Account Settings
CVSS 4.4
CVE-2025-12369
MEDIUM
Extensions for Leaflet Map <= 4.7 - Authenticated Stored Cross-Site Scripting via geojsonmarker Shortcode
CVSS 6.4
CVE-2025-12065
MEDIUM
WP Carticon <= 1.0.0 - Authenticated Stored Cross-Site Scripting via carticon_js_script Parameter
CVSS 4.4
CVE-2025-11812
MEDIUM
Reuse Builder <= 1.7 - Authenticated Stored XSS via 'style' Attribute
CVSS 6.4
CVE-2025-11753
MEDIUM
Bootstrap Multi-language Responsive Portfolio <1.0 - XSS
CVSS 4.4