CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,114 vulnerabilities with CWE-79
CVE-2025-59982 MEDIUM
Juniper Junos Space < 24.1R4 - Stored Cross-Site Scripting via Dashboard Search Field
CVSS 6.1
CVE-2025-59981 MEDIUM
Juniper Junos Space < 24.1R4 - Stored Cross-Site Scripting via Device Template Definition Page
CVSS 6.1
CVE-2025-59978 CRITICAL
Juniper Junos Space < 24.1R4 - Stored Cross-Site Scripting
CVSS 9.0
CVE-2025-61532 MEDIUM
SVX Portal 2.7A - Cross-Site Scripting via TG Parameter on last_heard_page.php
CVSS 6.1
CVE-2025-60302 MEDIUM
code-projects Client Details System 1.0 - XSS
CVSS 6.1
CVE-2025-59974 HIGH
Juniper Space Security Director < 24.1R4 - Stored Cross-Site Scripting
CVSS 8.4
CVE-2025-56683 CRITICAL
Logseq v0.10.9 - Stored Cross-Site Scripting via Marketplace README.md File
CVSS 9.6
CVE-2025-10240 HIGH
Flowmon < 12.5.5 - Cross-Site Request Forgery
CVSS 8.8
CVE-2025-9371 MEDIUM
Betheme <= 28.1.6 - Authenticated Stored Cross-Site Scripting via Page Title Parameter
CVSS 6.4
CVE-2025-11512 MEDIUM
code-projects Voting System 1.0 - Cross-Site Scripting via Firstname/Lastname/Platform Parameters
CVSS 4.3
CVE-2025-61788 MEDIUM
Opencast < 17.8 and 18.2 - Authenticated Stored Cross-Site Scripting in Paella Player Metadata
CVSS 5.4
CVE-2025-11485 LOW
Student Grades Management System 1.0 - Cross-Site Scripting via Manage Users Page
CVSS 2.4
CVE-2025-60318 MEDIUM
SourceCodester Pet Grooming Mgmt <1.0 - XSS
CVSS 6.1
CVE-2025-60313 MEDIUM
Sourcecodester Link Status Checker 1.0 - XSS
CVSS 6.1
CVE-2025-43771 MEDIUM
Liferay Portal 7.4.3.102-7.4.3.111 & DXP 2023.Q3.1-2023.Q3.10, 2023.Q4.0-2023.Q4.5 - Stored XSS in Notifications Widget
CVSS 5.4
CVE-2025-61183 MEDIUM
vaahcms 2.3.1 - Cross-Site Scripting via UserBase.php storeAvatar() Upload Method
CVSS 6.1
CVE-2025-60314 MEDIUM
Configuroweb Sistema Web de Inventario 1.0 - XSS
CVSS 5.4
CVE-2025-43830 MEDIUM
Liferay Portal 7.3.2-7.4.3.111 & DXP Stored XSS in Forms Rich Text Field
CVSS 6.1
CVE-2025-43829 MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.8 - Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2025-60299 MEDIUM
novel-plus 5.2.0 - Authenticated Stored Cross-Site Scripting via Book Comment Reply
CVSS 5.4
CVE-2025-60298 MEDIUM
novel-plus < 5.2.4 - Authenticated Stored Cross-Site Scripting via /author/updateIndexName
CVSS 5.4
CVE-2025-43821 MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.8 - Stored Cross-Site Scripting in Commerce Product Comparison Table Widget
CVSS 5.4
CVE-2025-11437 LOW
JhumanJ OpnForm < 1.9.3 - Cross-Site Scripting in Form Editor
CVSS 2.4
CVE-2025-11435 MEDIUM
JhumanJ OpnForm < 1.9.3 - Cross-Site Scripting in /show/submissions
CVSS 4.3
CVE-2025-11433 LOW
itsourcecode Leave Management System 1.0 - XSS
CVSS 3.5
Details
Vulnerabilities 45,114
Exploit Likelihood High