CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,048 vulnerabilities with CWE-79
CVE-2025-50574
MEDIUM
Glamour Salon Management System <v1 - XSS
CVSS 6.1
CVE-2025-10348
MEDIUM
Eveo URVE Smart Office < 1.1.24 - Stored Cross-Site Scripting via Report Problem SVG Upload
CVE-2025-39663
HIGH
Checkmk < 2.4.0p14, 2.3.0p39, 2.2.0, 2.1.0 - Cross-Site Scripting via Service Output Injection
CVSS 8.4
CVE-2025-12475
MEDIUM
Blocksy Companion <= 2.1.14 - Authenticated Stored Cross-Site Scripting via Newsletter Subscribe Shortcode
CVSS 6.4
CVE-2025-12083
MEDIUM
Drupal CivicTheme Design System < 1.12.0 - Cross-Site Scripting
CVSS 6.1
CVE-2025-10931
LOW
Drupal Umami Analytics < 1.0.1 - Cross-Site Scripting
CVSS 3.8
CVE-2025-10927
MEDIUM
Plausible tracking < 1.0.2 - Cross-Site Scripting
CVSS 6.1
CVE-2025-10926
MEDIUM
Drupal JSON Field < 1.5 - Cross-Site Scripting
CVSS 6.1
CVE-2025-54384
MEDIUM
CKAN < 2.10.9 and 2.11.0-2.11.4 - Stored Cross-Site Scripting via markdown_extract Helper
CVSS 6.3
CVE-2025-12450
MEDIUM
LiteSpeed Cache <= 7.5.0.1 - Unauthenticated Reflected Cross-Site Scripting via URL Parameter
CVSS 6.1
CVE-2025-64291
MEDIUM
Premmerce User Roles <= 1.0.13 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-64289
MEDIUM
Premmerce Product Search <2.2.4 - XSS
CVSS 5.9
CVE-2025-64220
MEDIUM
Rey Core <= 3.1.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-64208
MEDIUM
TieLabs Jannah - Extensions <1.1.5 - XSS
CVSS 6.5
CVE-2025-64204
MEDIUM
ThemeSphere SmartMag <= 10.3.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-64202
MEDIUM
TieLabs Sahifa < 5.8.6 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-64200
MEDIUM
VillaTheme Email Template Customizer <1.2.17 - XSS
CVSS 5.9
CVE-2025-64197
MEDIUM
Rehub < 19.9.9.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-64194
MEDIUM
ThimPress Eduma <= 5.7.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-49042
MEDIUM
WooCommerce <= 10.0.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-64094
MEDIUM
Dnnsoftware Dotnetnuke < 10.1.1 - XSS
CVSS 6.4
CVE-2025-62800
MEDIUM
fastmcp < 2.13.0 - Reflected Cross-Site Scripting in OAuth Client Callback Page
CVSS 6.1
CVE-2025-62798
MEDIUM
code16/sharp < 9.11.1 - Cross-Site Scripting in SharpShowTextField Component
CVSS 5.4
CVE-2025-62796
MEDIUM
PrivateBin 1.7.7-2.0.1 - Persistent HTML Injection via Attachment Filename
CVSS 5.8
CVE-2025-59837
HIGH
Astro 5.13.4-5.13.9 - Server-Side Request Forgery via Backslash Bypass in Image Proxy
CVSS 7.2