CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,062 vulnerabilities with CWE-79
CVE-2025-34306 MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via pienumber Parameter
CVSS 5.4
CVE-2025-34305 MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via cleanhtml() Function
CVSS 5.4
CVE-2025-34303 MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via IGNORE_ENTRY_REMARK Parameter
CVSS 5.4
CVE-2025-34302 MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via PROT Parameter
CVSS 5.4
CVE-2025-34301 MEDIUM
IPFire < 2.29 - Authenticated Stored Cross-Site Scripting via COUNTRY_CODE Parameter
CVSS 5.4
CVE-2025-12335 MEDIUM
code-projects E-Commerce Website 1.0 - Cross-Site Scripting via supp_name/supp_address Parameters
CVSS 4.3
CVE-2025-12332 LOW
SourceCodester Student Grades Management System 1.0 - Cross-Site Scripting in delete_user Function
CVSS 2.4
CVE-2025-12334 MEDIUM
E-Commerce Website 1.0 - Cross-Site Scripting via prod_name/prod_desc/prod_cost Parameters
CVSS 4.3
CVE-2025-12333 MEDIUM
E-Commerce Website 1.0 - Cross-Site Scripting via supp_name/supp_address Parameter
CVSS 4.3
CVE-2025-62793 MEDIUM
elabftw < 5.3.0 - Stored Cross-Site Scripting via SVG File Upload
CVSS 6.8
CVE-2025-62779 MEDIUM
Frappe Learning < 2.39.2 - Stored Cross-Site Scripting via Job Form Input
CVSS 5.4
CVE-2025-12330 LOW
Willow CMS < 1.4.0 - Cross-Site Scripting via Add Post Page Title/Body
CVSS 2.4
CVE-2025-62263 MEDIUM
Liferay Digital Experience Platform < 7.4.3.104 - XSS
CVSS 5.4
CVE-2025-12312 LOW
PHPGurukul Curfew e-Pass Management System 1.0 - Cross-Site Scripting via Fullname/Category Parameter
CVSS 2.4
CVE-2025-12311 LOW
PHPGurukul Curfew e-Pass Management System 1.0 - Cross-Site Scripting via edit-category-detail.php catname Parameter
CVSS 2.4
CVE-2025-53533 MEDIUM
Pi-hole Admin Interface < 6.2.1 - XSS
CVSS 6.1
CVE-2025-36170 MEDIUM
IBM QRadar SIEM 7.5-7.5.0 Update Pack 13 Independent Fix 02 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2025-36138 MEDIUM
IBM QRadar SIEM 7.5-7.5.0 Update Pack 13 Independent Fix 02 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2025-32785 MEDIUM
Pi-hole web_interface < 6.3 - Authenticated Stored Cross-Site Scripting via Subscribed Lists Address Field
CVSS 5.4
CVE-2025-60983 MEDIUM
Rubikon Banking Solution 4.0.3 - XSS
CVSS 5.4
CVE-2025-54965 MEDIUM
BAE SOCET GXP < 4.6.0.2 - Cross-Site Scripting via Job ID Parameter
CVSS 6.1
CVE-2025-12303 LOW
PHPGurukul Curfew e-Pass Management System 1.0 - Cross-Site Scripting via admin-profile.php adminname/email Parameter
CVSS 2.4
CVE-2025-12302 MEDIUM
Simple Food Ordering System 1.0 - Cross-Site Scripting via /editproduct.php pname/category/price Parameters
CVSS 4.3
CVE-2025-12300 MEDIUM
Simple Food Ordering System 1.0 - Cross-Site Scripting via cname Parameter in addcategory.php
CVSS 4.3
CVE-2025-54967 MEDIUM
BAE SOCET GXP < 4.6.0.3 - XML External Entity Injection in XML File Processing
CVSS 6.5