CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,048 vulnerabilities with CWE-79
CVE-2025-50574 MEDIUM
Glamour Salon Management System <v1 - XSS
CVSS 6.1
CVE-2025-10348 MEDIUM
Eveo URVE Smart Office < 1.1.24 - Stored Cross-Site Scripting via Report Problem SVG Upload
CVE-2025-39663 HIGH
Checkmk < 2.4.0p14, 2.3.0p39, 2.2.0, 2.1.0 - Cross-Site Scripting via Service Output Injection
CVSS 8.4
CVE-2025-12475 MEDIUM
Blocksy Companion <= 2.1.14 - Authenticated Stored Cross-Site Scripting via Newsletter Subscribe Shortcode
CVSS 6.4
CVE-2025-12083 MEDIUM
Drupal CivicTheme Design System < 1.12.0 - Cross-Site Scripting
CVSS 6.1
CVE-2025-10931 LOW
Drupal Umami Analytics < 1.0.1 - Cross-Site Scripting
CVSS 3.8
CVE-2025-10927 MEDIUM
Plausible tracking < 1.0.2 - Cross-Site Scripting
CVSS 6.1
CVE-2025-10926 MEDIUM
Drupal JSON Field < 1.5 - Cross-Site Scripting
CVSS 6.1
CVE-2025-54384 MEDIUM
CKAN < 2.10.9 and 2.11.0-2.11.4 - Stored Cross-Site Scripting via markdown_extract Helper
CVSS 6.3
CVE-2025-12450 MEDIUM
LiteSpeed Cache <= 7.5.0.1 - Unauthenticated Reflected Cross-Site Scripting via URL Parameter
CVSS 6.1
CVE-2025-64291 MEDIUM
Premmerce User Roles <= 1.0.13 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-64289 MEDIUM
Premmerce Product Search <2.2.4 - XSS
CVSS 5.9
CVE-2025-64220 MEDIUM
Rey Core <= 3.1.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-64208 MEDIUM
TieLabs Jannah - Extensions <1.1.5 - XSS
CVSS 6.5
CVE-2025-64204 MEDIUM
ThemeSphere SmartMag <= 10.3.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-64202 MEDIUM
TieLabs Sahifa < 5.8.6 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-64200 MEDIUM
VillaTheme Email Template Customizer <1.2.17 - XSS
CVSS 5.9
CVE-2025-64197 MEDIUM
Rehub < 19.9.9.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-64194 MEDIUM
ThimPress Eduma <= 5.7.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-49042 MEDIUM
WooCommerce <= 10.0.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-64094 MEDIUM
Dnnsoftware Dotnetnuke < 10.1.1 - XSS
CVSS 6.4
CVE-2025-62800 MEDIUM
fastmcp < 2.13.0 - Reflected Cross-Site Scripting in OAuth Client Callback Page
CVSS 6.1
CVE-2025-62798 MEDIUM
code16/sharp < 9.11.1 - Cross-Site Scripting in SharpShowTextField Component
CVSS 5.4
CVE-2025-62796 MEDIUM
PrivateBin 1.7.7-2.0.1 - Persistent HTML Injection via Attachment Filename
CVSS 5.8
CVE-2025-59837 HIGH
Astro 5.13.4-5.13.9 - Server-Side Request Forgery via Backslash Bypass in Image Proxy
CVSS 7.2