CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,109 vulnerabilities with CWE-79
CVE-2025-10135
MEDIUM
WP ViewSTL <= 1.0 - Authenticated Stored Cross-Site Scripting via viewstl Shortcode
CVSS 6.4
CVE-2025-10133
MEDIUM
URLYar URL Shortner plugin <1.1.0 - XSS
CVSS 6.4
CVE-2025-10132
MEDIUM
Dhivehi Text <= 0.1 - Authenticated Stored Cross-Site Scripting via 'dhivehi' Shortcode
CVSS 6.4
CVE-2025-61797
MEDIUM
Adobe Experience Manager <= 11.6 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-61796
MEDIUM
Adobe Experience Manager <= 11.6 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-54272
MEDIUM
Adobe Experience Manager <= 11.6 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-49553
CRITICAL
Adobe Connect < 12.10 - DOM-based Cross-Site Scripting
CVSS 9.3
CVE-2025-49552
HIGH
Adobe Connect < 12.9 - DOM-based Cross-Site Scripting
CVSS 8.1
CVE-2025-54266
MEDIUM
Adobe Commerce <=2.4.4-p15 Stored XSS in Form Fields
CVSS 4.8
CVE-2025-54264
HIGH
Adobe Commerce <=2.4.4-p15 Stored XSS in Form Fields
CVSS 8.1
CVE-2025-60374
MEDIUM
Perfex CRM < 3.3.1 - Stored Cross-Site Scripting in Chatbot
CVSS 6.1
CVE-2025-59429
MEDIUM
FreePBX < 16.0.68.39 and < 17.0.18.38 - Unauthenticated Reflected Cross-Site Scripting via Asterisk HTTP Status Page
CVSS 5.4
CVE-2025-8459
HIGH
Centreon Web 23.10.0-23.10.27 - Stored Cross-Site Scripting in Monitoring Recurrent Downtime Scheduler Modules
CVSS 7.7
CVE-2025-8430
MEDIUM
Centreon Web 23.10.0-23.10.27 - Authenticated Stored Cross-Site Scripting in Commands Connectors Configuration
CVSS 6.8
CVE-2025-8429
MEDIUM
Centreon Infra Monitoring 23.10.0-23.10.27, 24.04.0-24.04.17, 24.10.0-24.10.12 - Stored XSS in ACL Action Access
CVSS 6.8
CVE-2025-62366
LOW
mailgen < 2.0.31 - Cross-Site Scripting via HTML Entity Encoding Bypass
CVE-2025-62172
HIGH
Pypi Homeassistant < 2025.10.2 - Basic XSS
CVE-2025-58324
MEDIUM
FortiSIEM 6.2.0-7.2.2 - Authenticated Stored Cross-Site Scripting via Crafted HTTP Requests
CVSS 6.4
CVE-2025-54893
MEDIUM
Centreon Web 23.10.0-23.10.27 - Stored Cross-Site Scripting in Hosts Templates Configuration
CVSS 6.8
CVE-2025-31366
MEDIUM
Fortinet FortiOS 6.4.0-7.6.3, FortiProxy 7.0.0-7.6.3, FortiSASE 25.2.a - Unauthenticated XSS via Crafted HTTP Requests
CVSS 4.7
CVE-2025-8428
MEDIUM
Centreon 23.10.0-23.10.27, 24.04.0-24.04.17, 24.10.0-24.10.12 Stored XSS in HTTP Loader Widget
CVSS 6.8
CVE-2025-59428
MEDIUM
EspoCRM < 9.1.9 - Authenticated Arbitrary User Creation via Stored SVG and CSRF
CVSS 5.4
CVE-2025-54892
MEDIUM
Centreon Web 23.10.0-23.10.27, 24.04.0-24.04.17, 24.10.0-24.10.12 - Stored XSS in SNMP Traps Group Configuration
CVSS 6.8
CVE-2025-54891
MEDIUM
Centreon Web 23.10.0-23.10.27 - Authenticated Stored Cross-Site Scripting in ACL Resource Access Configuration
CVSS 6.8
CVE-2025-54889
MEDIUM
Centreon Web 23.10.0-23.10.27 - Authenticated Stored Cross-Site Scripting in SNMP Traps Manufacturer Configuration
CVSS 6.8
Details
Vulnerabilities
45,109
Exploit Likelihood
High