CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,109 vulnerabilities with CWE-79
CVE-2025-10135 MEDIUM
WP ViewSTL <= 1.0 - Authenticated Stored Cross-Site Scripting via viewstl Shortcode
CVSS 6.4
CVE-2025-10133 MEDIUM
URLYar URL Shortner plugin <1.1.0 - XSS
CVSS 6.4
CVE-2025-10132 MEDIUM
Dhivehi Text <= 0.1 - Authenticated Stored Cross-Site Scripting via 'dhivehi' Shortcode
CVSS 6.4
CVE-2025-61797 MEDIUM
Adobe Experience Manager <= 11.6 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-61796 MEDIUM
Adobe Experience Manager <= 11.6 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-54272 MEDIUM
Adobe Experience Manager <= 11.6 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-49553 CRITICAL
Adobe Connect < 12.10 - DOM-based Cross-Site Scripting
CVSS 9.3
CVE-2025-49552 HIGH
Adobe Connect < 12.9 - DOM-based Cross-Site Scripting
CVSS 8.1
CVE-2025-54266 MEDIUM
Adobe Commerce <=2.4.4-p15 Stored XSS in Form Fields
CVSS 4.8
CVE-2025-54264 HIGH
Adobe Commerce <=2.4.4-p15 Stored XSS in Form Fields
CVSS 8.1
CVE-2025-60374 MEDIUM
Perfex CRM < 3.3.1 - Stored Cross-Site Scripting in Chatbot
CVSS 6.1
CVE-2025-59429 MEDIUM
FreePBX < 16.0.68.39 and < 17.0.18.38 - Unauthenticated Reflected Cross-Site Scripting via Asterisk HTTP Status Page
CVSS 5.4
CVE-2025-8459 HIGH
Centreon Web 23.10.0-23.10.27 - Stored Cross-Site Scripting in Monitoring Recurrent Downtime Scheduler Modules
CVSS 7.7
CVE-2025-8430 MEDIUM
Centreon Web 23.10.0-23.10.27 - Authenticated Stored Cross-Site Scripting in Commands Connectors Configuration
CVSS 6.8
CVE-2025-8429 MEDIUM
Centreon Infra Monitoring 23.10.0-23.10.27, 24.04.0-24.04.17, 24.10.0-24.10.12 - Stored XSS in ACL Action Access
CVSS 6.8
CVE-2025-62366 LOW
mailgen < 2.0.31 - Cross-Site Scripting via HTML Entity Encoding Bypass
CVE-2025-62172 HIGH
Pypi Homeassistant < 2025.10.2 - Basic XSS
CVE-2025-58324 MEDIUM
FortiSIEM 6.2.0-7.2.2 - Authenticated Stored Cross-Site Scripting via Crafted HTTP Requests
CVSS 6.4
CVE-2025-54893 MEDIUM
Centreon Web 23.10.0-23.10.27 - Stored Cross-Site Scripting in Hosts Templates Configuration
CVSS 6.8
CVE-2025-31366 MEDIUM
Fortinet FortiOS 6.4.0-7.6.3, FortiProxy 7.0.0-7.6.3, FortiSASE 25.2.a - Unauthenticated XSS via Crafted HTTP Requests
CVSS 4.7
CVE-2025-8428 MEDIUM
Centreon 23.10.0-23.10.27, 24.04.0-24.04.17, 24.10.0-24.10.12 Stored XSS in HTTP Loader Widget
CVSS 6.8
CVE-2025-59428 MEDIUM
EspoCRM < 9.1.9 - Authenticated Arbitrary User Creation via Stored SVG and CSRF
CVSS 5.4
CVE-2025-54892 MEDIUM
Centreon Web 23.10.0-23.10.27, 24.04.0-24.04.17, 24.10.0-24.10.12 - Stored XSS in SNMP Traps Group Configuration
CVSS 6.8
CVE-2025-54891 MEDIUM
Centreon Web 23.10.0-23.10.27 - Authenticated Stored Cross-Site Scripting in ACL Resource Access Configuration
CVSS 6.8
CVE-2025-54889 MEDIUM
Centreon Web 23.10.0-23.10.27 - Authenticated Stored Cross-Site Scripting in SNMP Traps Manufacturer Configuration
CVSS 6.8