CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,048 vulnerabilities with CWE-79
CVE-2025-63417 HIGH
SelfBest 2023.3 - Authenticated Stored Cross-Site Scripting via Chat Message Input
CVSS 7.2
CVE-2025-63416 CRITICAL
SelfBest 2023.3 - Authenticated Stored Cross-Site Scripting in Chat Functionality
CVSS 9.1
CVE-2025-5770 MEDIUM
WSO2 API Control Plane and API Manager - Reflected Cross-Site Scripting in Authentication Endpoints
CVSS 6.1
CVE-2025-55341 MEDIUM
Quipux 4.0.1-e1774ac - Cross-Site Scripting via anexos/anexos_nuevo.php asocImgRad
CVSS 6.5
CVE-2025-57244 MEDIUM
OpenKM Community Edition 6.3.12 - Stored Cross-Site Scripting via User Account Creation Interface
CVSS 5.4
CVE-2025-20304 MEDIUM
Cisco Identity Services Engine - Authenticated Reflected Cross-Site Scripting
CVSS 5.4
CVE-2025-20303 MEDIUM
Cisco Identity Services Engine - Authenticated Reflected Cross-Site Scripting
CVSS 5.4
CVE-2025-20289 MEDIUM
Cisco Identity Services Engine - Authenticated Reflected Cross-Site Scripting
CVSS 4.8
CVE-2025-11820 MEDIUM
Graphina - Elementor Charts and Graphs <3.1.8 - XSS
CVSS 6.4
CVE-2025-11162 MEDIUM
Spectra Gutenberg Blocks - Website Builder <2.19.14 - XSS
CVSS 6.4
CVE-2025-12580 MEDIUM
SMS for WordPress <= 1.1.8 - Unauthenticated Reflected Cross-Site Scripting via Paged Parameter
CVSS 6.1
CVE-2025-62722 MEDIUM
LinkAce < 2.4.0 - Authenticated Stored Cross-Site Scripting via Link Title Field
CVSS 5.4
CVE-2025-62715 MEDIUM
ClipBucket 5.3-5.5.2-147 - Authenticated Stored Cross-Site Scripting in Collection Tags
CVSS 5.4
CVE-2025-48884 MEDIUM
Galette < 1.2.0 - Cross-Site Scripting in Document Type
CVSS 6.1
CVE-2025-48076 MEDIUM
Galette < 1.2.0 - Stored Cross-Site Scripting via Group Name Edit
CVSS 5.4
CVE-2025-61431 MEDIUM
Zucchetti ZMaintenance Infinity <v4.1 - XSS
CVSS 6.1
CVE-2025-12184 MEDIUM
MeetingList <= 0.11 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-12045 MEDIUM
Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, ...
CVSS 6.4
CVE-2025-12396 MEDIUM
clubmember <= 0.2 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-12393 MEDIUM
Free Quotation <= 3.1.6 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-12371 MEDIUM
Nari Accountant <= 1.0.12 - Authenticated Stored Cross-Site Scripting via Account Settings
CVSS 4.4
CVE-2025-12369 MEDIUM
Extensions for Leaflet Map <= 4.7 - Authenticated Stored Cross-Site Scripting via geojsonmarker Shortcode
CVSS 6.4
CVE-2025-12065 MEDIUM
WP Carticon <= 1.0.0 - Authenticated Stored Cross-Site Scripting via carticon_js_script Parameter
CVSS 4.4
CVE-2025-11812 MEDIUM
Reuse Builder <= 1.7 - Authenticated Stored XSS via 'style' Attribute
CVSS 6.4
CVE-2025-11753 MEDIUM
Bootstrap Multi-language Responsive Portfolio <1.0 - XSS
CVSS 4.4