CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,048 vulnerabilities with CWE-79
CVE-2025-11922
MEDIUM
Inactive Logout <= 3.5.5 - Authenticated Stored Cross-Site Scripting via ina_redirect_page_individual_user Parameter
CVSS 6.4
CVE-2025-62618
HIGH
elog < 3.1.5-20251014 - Authenticated Arbitrary HTML File Upload and Credential Theft
CVSS 8.0
CVE-2025-62267
MEDIUM
Liferay Digital Experience Platform < 7.4.3.112 - XSS
CVSS 6.1
CVE-2025-12546
LOW
LogicalDOC Community Edition <9.2.1 - XSS
CVSS 3.5
CVE-2025-62264
MEDIUM
Liferay Digital Experience Platform < 7.4.3.112 - XSS
CVSS 6.1
CVE-2025-61427
MEDIUM
BEO Atlas Einfuhr Ausfuhr 3.0 - XSS
CVSS 6.1
CVE-2025-12460
MEDIUM
Afterlogic Aurora < 9.8.3 - Stored Cross-Site Scripting via HTML Email Image Tag
CVE-2025-64367
MEDIUM
Adrian Tobey Groundhogg <=4.2.6 - XSS
CVSS 6.5
CVE-2025-64365
MEDIUM
colabrio Ohio Extra <= 3.6.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-64362
MEDIUM
SeventhQueen K Elements <5.5.0 - XSS
CVSS 6.5
CVE-2025-64361
MEDIUM
StylemixThemes Consulting Elementor Widgets <=1.4.2 - XSS
CVSS 6.5
CVE-2025-64354
MEDIUM
Matias Ventura Gutenberg <21.8.2 - XSS
CVSS 6.5
CVE-2025-11806
MEDIUM
Qzzr Shortcode Plugin <= 1.0.1 - Authenticated Stored Cross-Site Scripting via Quiz Attribute
CVSS 6.4
CVE-2025-27208
MEDIUM
Revive Adserver 5.5.2 - Reflected Cross-Site Scripting via Admin Search Compact Parameter
CVSS 6.1
CVE-2025-34278
MEDIUM
Nagios Network Analyzer < 2024 - Stored Cross-Site Scripting in Source Groups Percentile Calculator Menu
CVSS 5.4
CVE-2025-62265
MEDIUM
Liferay Digital Experience Platform < 7.4 - Stored Cross-Site Scripting in Blogs Widget via iframe Injection
CVSS 5.4
CVE-2025-52180
MEDIUM
Zucchetti Ad Hoc Infinity < 4.2 - Unauthenticated Stored Cross-Site Scripting via pHtmlSource Parameter
CVSS 6.1
CVE-2025-52179
MEDIUM
Zucchetti Ad Hoc Revolution <4.1 - XSS
CVSS 6.1
CVE-2025-64112
HIGH
Statamic CMS < 5.22.1 - Authenticated Stored Cross-Site Scripting in Collections and Taxonomies
CVSS 8.0
CVE-2025-56313
MEDIUM
JATOS 3.7.1-3.9.6 - Reflected Cross-Site Scripting via /publix/run Code Parameter
CVSS 6.1
CVE-2025-63885
MEDIUM
AIxBlock - Stored Cross-Site Scripting via Model Description Field
CVSS 6.1
CVE-2025-60950
MEDIUM
AIxBlock - Remote Code Execution via SVG File Upload in Data Preparation
CVSS 6.1
CVE-2025-36592
MEDIUM
Dell Policy Manager for Secure Connect Gateway < 5.32.00.18 - Unauthenticated Cross-Site Scripting
CVSS 5.4
CVE-2025-5347
MEDIUM
ManageEngine Exchange Reporter Plus < 5723 - Stored Cross-Site Scripting in Reports Module
CVSS 6.3
CVE-2025-5343
MEDIUM
ManageEngine Exchange Reporter Plus <= 5721 - Stored Cross-Site Scripting in Instant Search
CVSS 6.3
Details
Vulnerabilities: 45,048
Exploit Likelihood: High