CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,109 vulnerabilities with CWE-79
CVE-2025-62412
LOW
LibreNMS < 25.10.0 - Stored Cross-Site Scripting in Alert Rule Name
CVSS 3.8
CVE-2025-62411
MEDIUM
LibreNMS <= 25.8.0 - Stored Cross-Site Scripting in Alert Transports Management
CVSS 5.5
CVE-2025-34512
MEDIUM
Ilevia EVE X1 Server Firmware <= 4.7.18.0.eden - Unauthenticated Reflected Cross-Site Scripting in index.php
CVSS 6.1
CVE-2025-11851
LOW
Apeman ID71 EN75.8.53.20 - Cross-Site Scripting via /set_alias.cgi Alias Parameter
CVSS 3.5
CVE-2025-61539
MEDIUM
Ultimate PHP Board 2.2.7 - Cross-Site Scripting via u_name Parameter
CVSS 6.1
CVE-2025-55072
MEDIUM
desknet's NEO V2.0R1.0-V9.0R2.0 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-54859
MEDIUM
desknet's NEO <= V9.0R2.0 - Stored Cross-Site Scripting
CVSS 4.8
CVE-2025-54760
MEDIUM
desknet's NEO <= V9.0R2.0 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-52583
MEDIUM
desknet's Web Server - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-24833
MEDIUM
desknet's NEO V4.0R1.0-V9.0R2.0 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-58115
MEDIUM
ChatLuck V3.6 R1.0-V6.6 R1.0 - Cross-Site Scripting in Guest User Sign-up
CVSS 6.1
CVE-2025-53858
MEDIUM
ChatLuck < V6.6 R2.0 - Cross-Site Scripting in Chat Rooms
CVSS 5.4
CVE-2025-0277
MEDIUM
HCL BigFix Mobile < 3.3 - Cross-Site Scripting via Insecure CSP Directives
CVSS 6.5
CVE-2025-0276
MEDIUM
HCL BigFix Modern Client Management < 3.3 - Cross-Site Scripting via Insecure CSP Directives
CVSS 6.5
CVE-2025-41021
MEDIUM
Sergestec Exito v8.0 - Stored Cross-Site Scripting via 'obs' Parameter in Product Update
CVSS 5.4
CVE-2025-11814
MEDIUM
Ultimate Addons for WPBakery <3.21.1 - XSS
CVSS 6.4
CVE-2025-62380
LOW
mailgen < 2.0.32 - Cross-Site Scripting via Plaintext Email Generation
CVE-2025-20351
MEDIUM
Cisco Desk Phone 9800 Series and IP Phone 7800/8800 Series - Unauthenticated Stored Cross-Site Scripting via Web UI
CVSS 6.1
CVE-2025-61933
MEDIUM
F5 BIG-IP Access Policy Manager 15.1.0-15.1.10.7 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-59269
MEDIUM
F5 BIG-IP 15.1.0-15.1.10.8 - Stored Cross-Site Scripting in Configuration Utility
CVSS 6.1
CVE-2025-10869
MEDIUM
Oct8ne Chatbot 2.3 - Stored Cross-Site Scripting via Transcript Email Payload
CVSS 6.1
CVE-2025-10194
MEDIUM
Shortcode Button <= 1.1.9 - Authenticated Stored Cross-Site Scripting via Button Shortcode
CVSS 6.4
CVE-2025-10141
MEDIUM
Digiseller <= 1.3 - Authenticated Stored Cross-Site Scripting via 'ds' Shortcode
CVSS 6.4
CVE-2025-10140
MEDIUM
Quick Social Login <= 1.4.6 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-10139
MEDIUM
WP BookWidgets <= 0.9 - Authenticated Stored Cross-Site Scripting via bw_link Shortcode
CVSS 6.4
Details
Vulnerabilities
45,109
Exploit Likelihood
High