CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,048 vulnerabilities with CWE-79
CVE-2025-61080
MEDIUM
Clear2Pay Bank Visibility App <1.10.0.104 - XSS
CVSS 5.4
CVE-2025-34318
MEDIUM
IPFire < 2.29 (Core Update 198) - Authenticated Stored Cross-Site Scripting via DNS Creation Parameters
CVE-2025-34317
MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via DNS TLS_HOSTNAME Parameter
CVSS 5.4
CVE-2025-34316
MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via Mail Server Settings
CVSS 5.4
CVE-2025-34315
MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via REMOTELOG_ADDR Parameter
CVSS 5.4
CVE-2025-34314
MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via Time Constraint Rule Parameters
CVSS 5.4
CVE-2025-34313
MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via QUOTA_USERS Parameter
CVSS 5.4
CVE-2025-34310
MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via QoS Settings Parameters
CVSS 5.4
CVE-2025-34309
MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via Dynamic DNS Host Parameters
CVSS 5.4
CVE-2025-34308
MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via UPDATE_VALUE Parameter
CVSS 5.4
CVE-2025-34307
MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via Firewall Country Search Defaults
CVSS 5.4
CVE-2025-34306
MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via pienumber Parameter
CVSS 5.4
CVE-2025-34305
MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via cleanhtml() Function
CVSS 5.4
CVE-2025-34303
MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via IGNORE_ENTRY_REMARK Parameter
CVSS 5.4
CVE-2025-34302
MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via PROT Parameter
CVSS 5.4
CVE-2025-34301
MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via COUNTRY_CODE Parameter
CVSS 5.4
CVE-2025-12335
MEDIUM
code-projects E-Commerce Website 1.0 - Cross-Site Scripting via supp_name/supp_address Parameters
CVSS 4.3
CVE-2025-12332
LOW
SourceCodester Student Grades Management System 1.0 - Cross-Site Scripting in delete_user Function
CVSS 2.4
CVE-2025-12334
MEDIUM
E-Commerce Website 1.0 - Cross-Site Scripting via prod_name/prod_desc/prod_cost Parameters
CVSS 4.3
CVE-2025-12333
MEDIUM
E-Commerce Website 1.0 - Cross-Site Scripting via supp_name/supp_address Parameter
CVSS 4.3
CVE-2025-62793
MEDIUM
elabftw < 5.3.0 - Stored Cross-Site Scripting via SVG File Upload
CVSS 6.8
CVE-2025-62779
MEDIUM
Frappe Learning < 2.39.2 - Stored Cross-Site Scripting via Job Form Input
CVSS 5.4
CVE-2025-12330
LOW
Willow CMS < 1.4.0 - Cross-Site Scripting via Add Post Page Title/Body
CVSS 2.4
CVE-2025-62263
MEDIUM
Liferay Digital Experience Platform < 7.4.3.104 - XSS
CVSS 5.4
CVE-2025-12312
LOW
PHPGurukul Curfew e-Pass Management System 1.0 - Cross-Site Scripting via Fullname/Category Parameter
CVSS 2.4
Details
Vulnerabilities
45,048
Exploit Likelihood
High