CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,048 vulnerabilities with CWE-79
CVE-2025-61080 MEDIUM
Clear2Pay Bank Visibility App < 1.10.0.104 - XSS
CVSS 5.4
CVE-2025-34318 MEDIUM
IPFire < 2.29 (Core Update 198) - Authenticated Stored Cross-Site Scripting via DNS Creation Parameters
CVE-2025-34317 MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via DNS TLS_HOSTNAME Parameter
CVSS 5.4
CVE-2025-34316 MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via Mail Server Settings
CVSS 5.4
CVE-2025-34315 MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via REMOTELOG_ADDR Parameter
CVSS 5.4
CVE-2025-34314 MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via Time Constraint Rule Parameters
CVSS 5.4
CVE-2025-34313 MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via QUOTA_USERS Parameter
CVSS 5.4
CVE-2025-34310 MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via QoS Settings Parameters
CVSS 5.4
CVE-2025-34309 MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via Dynamic DNS Host Parameters
CVSS 5.4
CVE-2025-34308 MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via UPDATE_VALUE Parameter
CVSS 5.4
CVE-2025-34307 MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via Firewall Country Search Defaults
CVSS 5.4
CVE-2025-34306 MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via pienumber Parameter
CVSS 5.4
CVE-2025-34305 MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via cleanhtml() Function
CVSS 5.4
CVE-2025-34303 MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via IGNORE_ENTRY_REMARK Parameter
CVSS 5.4
CVE-2025-34302 MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via PROT Parameter
CVSS 5.4
CVE-2025-34301 MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via COUNTRY_CODE Parameter
CVSS 5.4
CVE-2025-12335 MEDIUM
code-projects E-Commerce Website 1.0 - Cross-Site Scripting via supp_name/supp_address Parameters
CVSS 4.3
CVE-2025-12332 LOW
SourceCodester Student Grades Management System 1.0 - Cross-Site Scripting in delete_user Function
CVSS 2.4
CVE-2025-12334 MEDIUM
E-Commerce Website 1.0 - Cross-Site Scripting via prod_name/prod_desc/prod_cost Parameters
CVSS 4.3
CVE-2025-12333 MEDIUM
E-Commerce Website 1.0 - Cross-Site Scripting via supp_name/supp_address Parameter
CVSS 4.3
CVE-2025-62793 MEDIUM
elabftw < 5.3.0 - Stored Cross-Site Scripting via SVG File Upload
CVSS 6.8
CVE-2025-62779 MEDIUM
Frappe Learning < 2.39.2 - Stored Cross-Site Scripting via Job Form Input
CVSS 5.4
CVE-2025-12330 LOW
Willow CMS < 1.4.0 - Cross-Site Scripting via Add Post Page Title/Body
CVSS 2.4
CVE-2025-62263 MEDIUM
Liferay Digital Experience Platform < 7.4.3.104 - XSS
CVSS 5.4
CVE-2025-12312 LOW
PHPGurukul Curfew e-Pass Management System 1.0 - Cross-Site Scripting via Fullname/Category Parameter
CVSS 2.4