CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,062 vulnerabilities with CWE-79
CVE-2025-62716
HIGH
Plane < 1.1.0 - Unauthenticated Open Redirect and Cross-Site Scripting via next_path Parameter
CVSS 8.1
CVE-2025-60936
MEDIUM
Emoncms 11.7.3 - Authenticated Stored Cross-Site Scripting via Application Logs
CVSS 6.1
CVE-2025-5350
MEDIUM
WSO2 API Control Plane - Authenticated Server-Side Request Forgery and Reflected Cross-Site Scripting via Try-It Feature
CVSS 5.9
CVE-2025-12096
MEDIUM
Simple Excel Pricelist for WooCommerce <= 1.13 - Authenticated Stored Cross-Site Scripting via Pricelist Shortcode
CVSS 6.4
CVE-2025-12017
MEDIUM
VNPAY Payment gateway plugin <1.0.0 - XSS
CVSS 6.1
CVE-2025-12016
MEDIUM
qnotsquiz < 1.0.0 - Authenticated Stored Cross-Site Scripting via qnotsquiz_custom_start_text Parameter
CVSS 4.4
CVE-2025-10701
MEDIUM
Time Clock WordPress Plugin <= 1.3.1 - Authenticated Stored XSS via Data Parameter
CVSS 6.4
CVE-2025-9978
MEDIUM
Jeg Kit for Elementor < 2.7.0 - Cross-Site Scripting via SVG File Upload
CVSS 6.8
CVE-2025-9158
MEDIUM
Request Tracker <5.0.8, <6.0.1 - XSS
CVE-2025-61931
MEDIUM
Pleasanter < 1.4.20.0 - Stored Cross-Site Scripting in Body, Description, and Comments
CVSS 5.4
CVE-2025-58070
MEDIUM
Pleasanter < 1.4.20.0 - Stored Cross-Site Scripting in Preview for Attachments
CVSS 6.1
CVE-2025-7730
MEDIUM
Bold Page Builder <= 5.4.5 - Authenticated Stored Cross-Site Scripting via Percentage Parameter
CVSS 6.4
CVE-2025-62255
MEDIUM
Liferay DXP <7.3 & 7.4.0-7.4.3.101 - Stored XSS via Knowledge Base Attachment
CVSS 6.1
CVE-2025-60859
MEDIUM
Gnuboard 5.6.15 - Authenticated Cross-Site Scripting via c_id Parameter
CVSS 6.1
CVE-2025-60837
MEDIUM
MCMS < 6.0.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-61413
MEDIUM
Piranha CMS v12.0 - Stored Cross-Site Scripting in Markdown Blocks
CVSS 6.1
CVE-2025-57240
MEDIUM
17gz International Student service system 1.0 - XSS
CVSS 6.1
CVE-2025-56008
MEDIUM
KeeneticOS < 4.3 - Cross-Site Scripting in Wireless ISP Page
CVSS 6.1
CVE-2025-53701
MEDIUM
Vilar VS-IPC1002 Firmware - Reflected Cross-Site Scripting via /cgi-bin/action GET Parameters
CVSS 6.1
CVE-2025-1679
MEDIUM
Moxa TN-4500A, TN-5500A, TN-G4500, TN-G6500 Series - Authenticated Stored Cross-Site Scripting
CVE-2025-8427
MEDIUM
Beaver Builder Plugin (Starter Version) <= 2.9.2.1 - Authenticated Stored Cross-Site Scripting via auto_play Parameter
CVSS 6.4
CVE-2025-40643
MEDIUM
Energy CRM v2025 - Stored Cross-Site Scripting via JobCreatedBy Parameter
CVSS 5.4
CVE-2025-9981
MEDIUM
QuickCMS 6.8 - Authenticated Stored Cross-Site Scripting in Slider Editor
CVSS 4.8
CVE-2025-9980
MEDIUM
QuickCMS 6.8 - Authenticated Stored Cross-Site Scripting in Page Editor
CVSS 4.8
CVE-2025-10914
HIGH
Proliz Software Ltd. Co. OBS <V26.0401 - XSS
CVSS 7.6