CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,114 vulnerabilities with CWE-79
CVE-2025-8428
MEDIUM
Centreon 23.10.0-23.10.27, 24.04.0-24.04.17, 24.10.0-24.10.12 Stored XSS in HTTP Loader Widget
CVSS 6.8
CVE-2025-59428
MEDIUM
EspoCRM < 9.1.9 - Authenticated Arbitrary User Creation via Stored SVG and CSRF
CVSS 5.4
CVE-2025-54892
MEDIUM
Centreon Web 23.10.0-23.10.27, 24.04.0-24.04.17, 24.10.0-24.10.12 - Stored XSS in SNMP Traps Group Configuration
CVSS 6.8
CVE-2025-54891
MEDIUM
Centreon Web 23.10.0-23.10.27 - Authenticated Stored Cross-Site Scripting in ACL Resource Access Configuration
CVSS 6.8
CVE-2025-54889
MEDIUM
Centreon Web 23.10.0-23.10.27 - Authenticated Stored Cross-Site Scripting in SNMP Traps Manufacturer Configuration
CVSS 6.8
CVE-2025-7329
MEDIUM
Rockwell Automation 1783-NATR Firmware < 1.007 - Authenticated Stored Cross-Site Scripting in Configuration Fields
CVSS 4.8
CVE-2025-40772
HIGH
SiPass integrated < 3.00 - Stored Cross-Site Scripting
CVSS 7.4
CVE-2025-62365
MEDIUM
LibreNMS < 25.7.0 - Reflected Cross-Site Scripting via report_this Function
CVSS 6.1
CVE-2025-62359
MEDIUM
WeGIA >=3.4.11 <3.5.0 - Reflected Cross-Site Scripting via id_pet Parameter
CVSS 6.1
CVE-2025-62358
MEDIUM
WeGIA < 3.5.1 - Reflected Cross-Site Scripting via Log Parameter
CVSS 5.4
CVE-2025-62178
LOW
WeGIA < 3.5.1 - Reflected Cross-Site Scripting via idatendido Parameter
CVSS 3.5
CVE-2025-62246
MEDIUM
Liferay Portal 7.4.0-7.4.3.111 and DXP < 2023.Q4.6 - Authenticated Stored Cross-Site Scripting via User Name Field
CVSS 5.4
CVE-2025-11184
MEDIUM
QGIS QWC2 Registration GUI <=2025.03.31 - XSS
CVE-2025-11183
MEDIUM
QGIS QWC2 < 2025.08.14 - Cross-Site Scripting in Attribute Table
CVE-2025-10558
HIGH
3DSwymer 3DEXPERIENCE R2025x - Stored Cross-Site Scripting in 3DSearch
CVSS 8.7
CVE-2025-10557
HIGH
3DEXPERIENCE ENOVIA Collaborative Industry Innovator R2022x-R2025x - Stored Cross-Site Scripting in Issue Management
CVSS 8.7
CVE-2025-10556
HIGH
3DEXPERIENCE ENOVIA R2023x-R2025x - Stored Cross-Site Scripting in Specification Management
CVSS 8.7
CVE-2025-10552
HIGH
3DSwymer - Stored Cross-Site Scripting
CVSS 8.7
CVE-2025-27259
MEDIUM
Ericsson Network Manager <ENM 25.2 GA - Info Disclosure
CVSS 5.4
CVE-2025-11663
MEDIUM
Campcodes Online Beauty Parlor Management System 1.0 - SQL Injection via /admin/manage-services.php sername Parameter
CVSS 4.7
CVE-2025-31994
MEDIUM
HCL Unica Campaign 12.1.10 - Reflected Cross-Site Scripting
CVSS 4.3
CVE-2025-7652
MEDIUM
WordPress Easy Plugin Stats <2.0.1 - XSS
CVSS 6.4
CVE-2025-10190
MEDIUM
WP Easy Toggles <= 1.9.0 - Authenticated Stored Cross-Site Scripting via Toggles Shortcode
CVSS 6.4
CVE-2025-10167
MEDIUM
Stock History & Reports Manager <2.2.1 - XSS
CVSS 6.4
CVE-2025-10129
MEDIUM
WordPress Live Webcam Widget & Shortcode <1.2 - XSS
CVSS 6.4
Details
Vulnerabilities: 45,114
Exploit Likelihood: High