CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,114 vulnerabilities with CWE-79
CVE-2025-11425
LOW
Advanced Library Management System 1.0 - XSS
CVSS 2.4
CVE-2025-11421
LOW
Code-projects Voting System 1.0 - XSS
CVSS 3.5
CVE-2025-61999
MEDIUM
OPEXUS FOIAXpress < 11.13.3.0 - Authenticated Stored Cross-Site Scripting via SVG Logo Upload
CVSS 4.3
CVE-2025-61998
MEDIUM
OPEXUS FOIAXpress < 11.13.3.0 - Authenticated Stored Cross-Site Scripting via Technical Support Hyperlink Manager
CVSS 4.3
CVE-2025-61997
MEDIUM
OPEXUS FOIAXpress < 11.13.3.0 - Authenticated Stored Cross-Site Scripting via Annual Report Enterprise Banner Upload
CVSS 4.3
CVE-2025-61996
MEDIUM
OPEXUS FOIAXpress < 11.13.3.0 - Authenticated Stored Cross-Site Scripting in Annual Report Template
CVSS 4.3
CVE-2025-43822
MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.8 & 7.4.3.15-7.4.3.111 - Stored XSS in Terms and Conditions Name Field
CVSS 5.4
CVE-2025-43823
MEDIUM
Liferay Portal 7.4.0-7.4.3.111 & DXP 2023.Q3.1-2023.Q3.8 - Stored XSS in Commerce Search Result Widget
CVSS 5.4
CVE-2025-3448
MEDIUM
B&R Automation Runtime < 6.4 - Reflected Cross-Site Scripting in System Diagnostics Manager
CVSS 6.1
CVE-2025-1826
MEDIUM
IBM Engineering Requirements Management DOORS Next 7.0.2-7.1.0 - XSS
CVSS 5.4
CVE-2025-56243
MEDIUM
PuneethReddyHC Event Management System 1.0 - Stored Cross-Site Scripting via register.php event_id Parameter
CVSS 6.1
CVE-2025-60312
MEDIUM
Sourcecodester Markdown to HTML Converter v1.0 - XSS
CVSS 6.1
CVE-2025-25009
HIGH
Kibana 7.0.0-8.18.7 - Stored Cross-Site Scripting via Case File Upload
CVSS 8.7
CVE-2025-40649
MEDIUM
BBMRI-ERIC Negotiator < 3.15.5 - Stored Cross-Site Scripting via POST Parameter
CVE-2025-11390
MEDIUM
PHPGurukul Cyber Cafe Management System 1.0 - XSS
CVSS 4.3
CVE-2025-11360
MEDIUM
Jakowenko double-take <1.13.1 - XSS
CVSS 4.3
CVE-2025-7400
MEDIUM
Featured Image from URL (FIFU) <= 5.2.7 - Authenticated Stored Cross-Site Scripting via Featured Image Custom Fields
CVSS 6.4
CVE-2025-43824
MEDIUM
Liferay Portal 7.4.0-7.4.3.111 & DXP 2023.Q4.0-2023.Q4.5 - Authenticated File Extension Manipulation
CVSS 5.4
CVE-2025-56382
MEDIUM
LionCoders SalePro POS 5.4.8 - Authenticated Stored Cross-Site Scripting via Customer Name Parameter
CVSS 6.1
CVE-2025-61769
MEDIUM
emlog <= 2.5.22 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2025-60967
HIGH
EndRun Technologies Sonoma D12 - XSS
CVSS 7.3
CVE-2025-60961
MEDIUM
EndRun Technologies Sonoma D12 - XSS
CVSS 6.1
CVE-2025-60958
HIGH
EndRun Technologies Sonoma D12 - XSS
CVSS 7.3
CVE-2025-61224
MEDIUM
DokuWiki 2025-05-14a - Cross-Site Scripting via q Parameter
CVSS 6.5
CVE-2025-61198
MEDIUM
Optimod 5950 5950HD 5750 5750HD Trio 1.0.0.33 System 2.5.26 - Stored Cross-Site Scripting in Log Renderer
CVSS 5.4
Details
Vulnerabilities: 45,114
Exploit Likelihood: High