CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,109 vulnerabilities with CWE-79
CVE-2025-62412 LOW
LibreNMS < 25.10.0 - Stored Cross-Site Scripting in Alert Rule Name
CVSS 3.8
CVE-2025-62411 MEDIUM
LibreNMS <= 25.8.0 - Stored Cross-Site Scripting in Alert Transports Management
CVSS 5.5
CVE-2025-34512 MEDIUM
Ilevia EVE X1 Server Firmware <= 4.7.18.0.eden - Unauthenticated Reflected Cross-Site Scripting in index.php
CVSS 6.1
CVE-2025-11851 LOW
Apeman ID71 EN75.8.53.20 - Cross-Site Scripting via /set_alias.cgi Alias Parameter
CVSS 3.5
CVE-2025-61539 MEDIUM
Ultimate PHP Board 2.2.7 - Cross-Site Scripting via u_name Parameter
CVSS 6.1
CVE-2025-55072 MEDIUM
desknet's NEO V2.0R1.0-V9.0R2.0 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-54859 MEDIUM
desknet's NEO <= V9.0R2.0 - Stored Cross-Site Scripting
CVSS 4.8
CVE-2025-54760 MEDIUM
desknet's NEO <= V9.0R2.0 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-52583 MEDIUM
desknet's Web Server - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-24833 MEDIUM
desknet's NEO V4.0R1.0-V9.0R2.0 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-58115 MEDIUM
ChatLuck V3.6 R1.0-V6.6 R1.0 - Cross-Site Scripting in Guest User Sign-up
CVSS 6.1
CVE-2025-53858 MEDIUM
ChatLuck < V6.6 R2.0 - Cross-Site Scripting in Chat Rooms
CVSS 5.4
CVE-2025-0277 MEDIUM
HCL BigFix Mobile < 3.3 - Cross-Site Scripting via Insecure CSP Directives
CVSS 6.5
CVE-2025-0276 MEDIUM
HCL BigFix Modern Client Management < 3.3 - Cross-Site Scripting via Insecure CSP Directives
CVSS 6.5
CVE-2025-41021 MEDIUM
Sergestec Exito v8.0 - Stored Cross-Site Scripting via 'obs' Parameter in Product Update
CVSS 5.4
CVE-2025-11814 MEDIUM
Ultimate Addons for WPBakery <3.21.1 - XSS
CVSS 6.4
CVE-2025-62380 LOW
mailgen < 2.0.32 - Cross-Site Scripting via Plaintext Email Generation
CVE-2025-20351 MEDIUM
Cisco Desk Phone 9800 Series and IP Phone 7800/8800 Series - Unauthenticated Stored Cross-Site Scripting via Web UI
CVSS 6.1
CVE-2025-61933 MEDIUM
F5 BIG-IP Access Policy Manager 15.1.0-15.1.10.7 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-59269 MEDIUM
F5 BIG-IP 15.1.0-15.1.10.8 - Stored Cross-Site Scripting in Configuration Utility
CVSS 6.1
CVE-2025-10869 MEDIUM
Oct8ne Chatbot 2.3 - Stored Cross-Site Scripting via Transcript Email Payload
CVSS 6.1
CVE-2025-10194 MEDIUM
Shortcode Button <= 1.1.9 - Authenticated Stored Cross-Site Scripting via Button Shortcode
CVSS 6.4
CVE-2025-10141 MEDIUM
Digiseller <= 1.3 - Authenticated Stored Cross-Site Scripting via 'ds' Shortcode
CVSS 6.4
CVE-2025-10140 MEDIUM
Quick Social Login <= 1.4.6 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-10139 MEDIUM
WP BookWidgets <= 0.9 - Authenticated Stored Cross-Site Scripting via bw_link Shortcode
CVSS 6.4