CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,062 vulnerabilities with CWE-79
CVE-2025-62598 MEDIUM
WeGIA < 3.5.1 - Reflected Cross-Site Scripting via editar_info_pessoal.php Action Parameter
CVSS 6.1
CVE-2025-62597 MEDIUM
WeGIA < 3.5.1 - Reflected Cross-Site Scripting via editar_info_pessoal.php sql Parameter
CVSS 6.1
CVE-2025-60506 MEDIUM
Moodle PDF Annotator plugin v1.5 release 9 - XSS
CVSS 5.4
CVE-2025-60280 MEDIUM
Bang Resto 1.0 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-60934 MEDIUM
HR Performance Solutions Performance Pro <6.3.2.0 - XSS
CVSS 6.1
CVE-2025-60933 MEDIUM
HR Performance Solutions Performance Pro v3.19.17 - XSS
CVSS 6.1
CVE-2025-60932 MEDIUM
HR Performance Solutions Performance Pro v3.19.17 - XSS
CVSS 6.1
CVE-2025-10612 MEDIUM
City Guide < 1.4.45 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-62702 MEDIUM
Mediawiki - PageTriage Extension <1.44 - XSS
CVE-2025-62701 MEDIUM
Mediawiki - Wikistories <1.44 - XSS
CVE-2025-62694 MEDIUM
Mediawiki WikiLove Extension <1.39 - XSS
CVE-2025-62695 MEDIUM
Mediawiki WikiLambda Extension - XSS
CVE-2025-12001 MEDIUM
BLU-IC2 and BLU-IC4 Firmware < 1.20 - Stored Cross-Site Scripting via Application Manifest
CVSS 6.1
CVE-2025-62657 MEDIUM
MediaWiki PageForms extension 1.44 - Stored Cross-Site Scripting
CVE-2025-62656 MEDIUM
MediaWiki GlobalBlocking <1.44 - XSS
CVE-2025-60781 MEDIUM
PHP Education Manager 1.0 - Stored Cross-Site Scripting via Worksheet Participant Name Parameter
CVSS 6.1
CVE-2025-62528 MEDIUM
Taguette < 1.5.0 - Stored Cross-Site Scripting via Project Name or Description
CVSS 5.4
CVE-2025-62700 MEDIUM
Mediawiki - MultiBoilerplate Extensionmaste <1.39 - XSS
CVE-2025-62698 MEDIUM
The Wikimedia Foundation Mediawiki - ExternalGuidance <1.39 - XSS
CVE-2025-62693 MEDIUM
Mediawiki - LastModified Extension - XSS
CVE-2025-61456 MEDIUM
Bhabishya-123 E-commerce 1.0 - Cross-Site Scripting in Index Endpoint
CVSS 6.1
CVE-2025-61417 HIGH
TastyIgniter 3.7.7 - Stored Cross-Site Scripting via SVG File Upload in Media Manager
CVSS 8.8
CVE-2025-61454 MEDIUM
Bhabishya-123 E-commerce 1.0 - Cross-Site Scripting via Search Endpoint
CVSS 6.1
CVE-2025-8349 MEDIUM
Tawk Live Chat - Stored Cross-Site Scripting via Malicious PDF Upload
CVE-2025-11946 LOW
LogicalDOC Community Edition < 9.2.1 - Cross-Site Scripting via Add Contact Page Parameters
CVSS 3.5
Details
Vulnerabilities 45,062
Exploit Likelihood High