CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,062 vulnerabilities with CWE-79
CVE-2025-62716 HIGH
Plane < 1.1.0 - Unauthenticated Open Redirect and Cross-Site Scripting via next_path Parameter
CVSS 8.1
CVE-2025-60936 MEDIUM
Emoncms 11.7.3 - Authenticated Stored Cross-Site Scripting via Application Logs
CVSS 6.1
CVE-2025-5350 MEDIUM
WSO2 API Control Plane - Authenticated Server-Side Request Forgery and Reflected Cross-Site Scripting via Try-It Feature
CVSS 5.9
CVE-2025-12096 MEDIUM
Simple Excel Pricelist for WooCommerce <= 1.13 - Authenticated Stored Cross-Site Scripting via Pricelist Shortcode
CVSS 6.4
CVE-2025-12017 MEDIUM
VNPAY Payment gateway plugin <1.0.0 - XSS
CVSS 6.1
CVE-2025-12016 MEDIUM
qnotsquiz < 1.0.0 - Authenticated Stored Cross-Site Scripting via qnotsquiz_custom_start_text Parameter
CVSS 4.4
CVE-2025-10701 MEDIUM
Time Clock WordPress Plugin <= 1.3.1 - Authenticated Stored XSS via Data Parameter
CVSS 6.4
CVE-2025-9978 MEDIUM
Jeg Kit for Elementor < 2.7.0 - Cross-Site Scripting via SVG File Upload
CVSS 6.8
CVE-2025-9158 MEDIUM
Request Tracker <5.0.8, <6.0.1 - XSS
CVE-2025-61931 MEDIUM
Pleasanter < 1.4.20.0 - Stored Cross-Site Scripting in Body, Description, and Comments
CVSS 5.4
CVE-2025-58070 MEDIUM
Pleasanter < 1.4.20.0 - Stored Cross-Site Scripting in Preview for Attachments
CVSS 6.1
CVE-2025-7730 MEDIUM
Bold Page Builder <= 5.4.5 - Authenticated Stored Cross-Site Scripting via Percentage Parameter
CVSS 6.4
CVE-2025-62255 MEDIUM
Liferay DXP <7.3 & 7.4.0-7.4.3.101 - Stored XSS via Knowledge Base Attachment
CVSS 6.1
CVE-2025-60859 MEDIUM
Gnuboard 5.6.15 - Authenticated Cross-Site Scripting via c_id Parameter
CVSS 6.1
CVE-2025-60837 MEDIUM
MCMS < 6.0.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-61413 MEDIUM
Piranha CMS v12.0 - Stored Cross-Site Scripting in Markdown Blocks
CVSS 6.1
CVE-2025-57240 MEDIUM
17gz International Student service system 1.0 - XSS
CVSS 6.1
CVE-2025-56008 MEDIUM
KeeneticOS < 4.3 - Cross-Site Scripting in Wireless ISP Page
CVSS 6.1
CVE-2025-53701 MEDIUM
Vilar VS-IPC1002 Firmware - Reflected Cross-Site Scripting via /cgi-bin/action GET Parameters
CVSS 6.1
CVE-2025-1679 MEDIUM
Moxa TN-4500A, TN-5500A, TN-G4500, TN-G6500 Series - Authenticated Stored Cross-Site Scripting
CVE-2025-8427 MEDIUM
Beaver Builder Plugin (Starter Version) <= 2.9.2.1 - Authenticated Stored Cross-Site Scripting via auto_play Parameter
CVSS 6.4
CVE-2025-40643 MEDIUM
Energy CRM v2025 - Stored Cross-Site Scripting via JobCreatedBy Parameter
CVSS 5.4
CVE-2025-9981 MEDIUM
QuickCMS 6.8 - Authenticated Stored Cross-Site Scripting in Slider Editor
CVSS 4.8
CVE-2025-9980 MEDIUM
QuickCMS 6.8 - Authenticated Stored Cross-Site Scripting in Page Editor
CVSS 4.8
CVE-2025-10914 HIGH
Proliz Software Ltd. Co. OBS <V26.0401 - XSS
CVSS 7.6