CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,048 vulnerabilities with CWE-79
CVE-2025-11922 MEDIUM
Inactive Logout <= 3.5.5 - Authenticated Stored Cross-Site Scripting via ina_redirect_page_individual_user Parameter
CVSS 6.4
CVE-2025-62618 HIGH
elog < 3.1.5-20251014 - Authenticated Arbitrary HTML File Upload and Credential Theft
CVSS 8.0
CVE-2025-62267 MEDIUM
Liferay Digital Experience Platform < 7.4.3.112 - XSS
CVSS 6.1
CVE-2025-12546 LOW
LogicalDOC Community Edition <9.2.1 - XSS
CVSS 3.5
CVE-2025-62264 MEDIUM
Liferay Digital Experience Platform < 7.4.3.112 - XSS
CVSS 6.1
CVE-2025-61427 MEDIUM
BEO Atlas Einfuhr Ausfuhr 3.0 - XSS
CVSS 6.1
CVE-2025-12460 MEDIUM
Afterlogic Aurora < 9.8.3 - Stored Cross-Site Scripting via HTML Email Image Tag
CVE-2025-64367 MEDIUM
Adrian Tobey Groundhogg <=4.2.6 - XSS
CVSS 6.5
CVE-2025-64365 MEDIUM
colabrio Ohio Extra <= 3.6.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-64362 MEDIUM
SeventhQueen K Elements <5.5.0 - XSS
CVSS 6.5
CVE-2025-64361 MEDIUM
StylemixThemes Consulting Elementor Widgets <=1.4.2 - XSS
CVSS 6.5
CVE-2025-64354 MEDIUM
Matias Ventura Gutenberg <21.8.2 - XSS
CVSS 6.5
CVE-2025-11806 MEDIUM
Qzzr Shortcode Plugin <= 1.0.1 - Authenticated Stored Cross-Site Scripting via Quiz Attribute
CVSS 6.4
CVE-2025-27208 MEDIUM
Revive Adserver 5.5.2 - Reflected Cross-Site Scripting via Admin Search Compact Parameter
CVSS 6.1
CVE-2025-34278 MEDIUM
Nagios Network Analyzer < 2024 - Stored Cross-Site Scripting in Source Groups Percentile Calculator Menu
CVSS 5.4
CVE-2025-62265 MEDIUM
Liferay Digital Experience Platform < 7.4 - Stored Cross-Site Scripting in Blogs Widget via iframe Injection
CVSS 5.4
CVE-2025-52180 MEDIUM
Zucchetti Ad Hoc Infinity < 4.2 - Unauthenticated Stored Cross-Site Scripting via pHtmlSource Parameter
CVSS 6.1
CVE-2025-52179 MEDIUM
Zucchetti Ad Hoc Revolution <4.1 - XSS
CVSS 6.1
CVE-2025-64112 HIGH
Statamic CMS < 5.22.1 - Authenticated Stored Cross-Site Scripting in Collections and Taxonomies
CVSS 8.0
CVE-2025-56313 MEDIUM
JATOS 3.7.1-3.9.6 - Reflected Cross-Site Scripting via /publix/run Code Parameter
CVSS 6.1
CVE-2025-63885 MEDIUM
AIxBlock - Stored Cross-Site Scripting via Model Description Field
CVSS 6.1
CVE-2025-60950 MEDIUM
AIxBlock - Remote Code Execution via SVG File Upload in Data Preparation
CVSS 6.1
CVE-2025-36592 MEDIUM
Dell Policy Manager for Secure Connect Gateway < 5.32.00.18 - Unauthenticated Cross-Site Scripting
CVSS 5.4
CVE-2025-5347 MEDIUM
ManageEngine Exchange Reporter Plus < 5723 - Stored Cross-Site Scripting in Reports Module
CVSS 6.3
CVE-2025-5343 MEDIUM
ManageEngine Exchange Reporter Plus <= 5721 - Stored Cross-Site Scripting in Instant Search
CVSS 6.3