CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,114 vulnerabilities with CWE-79
CVE-2025-8428 MEDIUM
Centreon 23.10.0-23.10.27, 24.04.0-24.04.17, 24.10.0-24.10.12 Stored XSS in HTTP Loader Widget
CVSS 6.8
CVE-2025-59428 MEDIUM
EspoCRM < 9.1.9 - Authenticated Arbitrary User Creation via Stored SVG and CSRF
CVSS 5.4
CVE-2025-54892 MEDIUM
Centreon Web 23.10.0-23.10.27, 24.04.0-24.04.17, 24.10.0-24.10.12 - Stored XSS in SNMP Traps Group Configuration
CVSS 6.8
CVE-2025-54891 MEDIUM
Centreon Web 23.10.0-23.10.27 - Authenticated Stored Cross-Site Scripting in ACL Resource Access Configuration
CVSS 6.8
CVE-2025-54889 MEDIUM
Centreon Web 23.10.0-23.10.27 - Authenticated Stored Cross-Site Scripting in SNMP Traps Manufacturer Configuration
CVSS 6.8
CVE-2025-7329 MEDIUM
Rockwell Automation 1783-NATR Firmware < 1.007 - Authenticated Stored Cross-Site Scripting in Configuration Fields
CVSS 4.8
CVE-2025-40772 HIGH
SiPass integrated < 3.00 - Stored Cross-Site Scripting
CVSS 7.4
CVE-2025-62365 MEDIUM
LibreNMS < 25.7.0 - Reflected Cross-Site Scripting via report_this Function
CVSS 6.1
CVE-2025-62359 MEDIUM
WeGIA >=3.4.11 <3.5.0 - Reflected Cross-Site Scripting via id_pet Parameter
CVSS 6.1
CVE-2025-62358 MEDIUM
WeGIA < 3.5.1 - Reflected Cross-Site Scripting via Log Parameter
CVSS 5.4
CVE-2025-62178 LOW
WeGIA < 3.5.1 - Reflected Cross-Site Scripting via idatendido Parameter
CVSS 3.5
CVE-2025-62246 MEDIUM
Liferay Portal 7.4.0-7.4.3.111 and DXP < 2023.Q4.6 - Authenticated Stored Cross-Site Scripting via User Name Field
CVSS 5.4
CVE-2025-11184 MEDIUM
QGIS QWC2 Registration GUI <=2025.03.31 - XSS
CVE-2025-11183 MEDIUM
QGIS QWC2 < 2025.08.14 - Cross-Site Scripting in Attribute Table
CVE-2025-10558 HIGH
3DSwymer 3DEXPERIENCE R2025x - Stored Cross-Site Scripting in 3DSearch
CVSS 8.7
CVE-2025-10557 HIGH
3DEXPERIENCE ENOVIA Collaborative Industry Innovator R2022x-R2025x - Stored Cross-Site Scripting in Issue Management
CVSS 8.7
CVE-2025-10556 HIGH
3DEXPERIENCE ENOVIA R2023x-R2025x - Stored Cross-Site Scripting in Specification Management
CVSS 8.7
CVE-2025-10552 HIGH
3DSwymer - Stored Cross-Site Scripting
CVSS 8.7
CVE-2025-27259 MEDIUM
Ericsson Network Manager <ENM 25.2 GA - Info Disclosure
CVSS 5.4
CVE-2025-11663 MEDIUM
Campcodes Online Beauty Parlor Management System 1.0 - SQL Injection via /admin/manage-services.php sername Parameter
CVSS 4.7
CVE-2025-31994 MEDIUM
HCL Unica Campaign 12.1.10 - Reflected Cross-Site Scripting
CVSS 4.3
CVE-2025-7652 MEDIUM
WordPress Easy Plugin Stats <2.0.1 - XSS
CVSS 6.4
CVE-2025-10190 MEDIUM
WP Easy Toggles <= 1.9.0 - Authenticated Stored Cross-Site Scripting via Toggles Shortcode
CVSS 6.4
CVE-2025-10167 MEDIUM
Stock History & Reports Manager <2.2.1 - XSS
CVSS 6.4
CVE-2025-10129 MEDIUM
WordPress Live Webcam Widget & Shortcode <1.2 - XSS
CVSS 6.4