CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,114 vulnerabilities with CWE-79
CVE-2025-11425 LOW
Advanced Library Management System 1.0 - XSS
CVSS 2.4
CVE-2025-11421 LOW
Code-projects Voting System 1.0 - XSS
CVSS 3.5
CVE-2025-61999 MEDIUM
OPEXUS FOIAXpress < 11.13.3.0 - Authenticated Stored Cross-Site Scripting via SVG Logo Upload
CVSS 4.3
CVE-2025-61998 MEDIUM
OPEXUS FOIAXpress < 11.13.3.0 - Authenticated Stored Cross-Site Scripting via Technical Support Hyperlink Manager
CVSS 4.3
CVE-2025-61997 MEDIUM
OPEXUS FOIAXpress < 11.13.3.0 - Authenticated Stored Cross-Site Scripting via Annual Report Enterprise Banner Upload
CVSS 4.3
CVE-2025-61996 MEDIUM
OPEXUS FOIAXpress < 11.13.3.0 - Authenticated Stored Cross-Site Scripting in Annual Report Template
CVSS 4.3
CVE-2025-43822 MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.8 & 7.4.3.15-7.4.3.111 - Stored XSS in Terms and Conditions Name Field
CVSS 5.4
CVE-2025-43823 MEDIUM
Liferay Portal 7.4.0-7.4.3.111 & DXP 2023.Q3.1-2023.Q3.8 - Stored XSS in Commerce Search Result Widget
CVSS 5.4
CVE-2025-3448 MEDIUM
B&R Automation Runtime < 6.4 - Reflected Cross-Site Scripting in System Diagnostics Manager
CVSS 6.1
CVE-2025-1826 MEDIUM
IBM Engineering Requirements Management DOORS Next 7.0.2-7.1.0 - XSS
CVSS 5.4
CVE-2025-56243 MEDIUM
PuneethReddyHC Event Management System 1.0 - Stored Cross-Site Scripting via register.php event_id Parameter
CVSS 6.1
CVE-2025-60312 MEDIUM
Sourcecodester Markdown to HTML Converter v1.0 - XSS
CVSS 6.1
CVE-2025-25009 HIGH
Kibana 7.0.0-8.18.7 - Stored Cross-Site Scripting via Case File Upload
CVSS 8.7
CVE-2025-40649 MEDIUM
BBMRI-ERIC Negotiator < 3.15.5 - Stored Cross-Site Scripting via POST Parameter
CVE-2025-11390 MEDIUM
PHPGurukul Cyber Cafe Management System 1.0 - XSS
CVSS 4.3
CVE-2025-11360 MEDIUM
Jakowenko double-take <1.13.1 - XSS
CVSS 4.3
CVE-2025-7400 MEDIUM
Featured Image from URL (FIFU) <= 5.2.7 - Authenticated Stored Cross-Site Scripting via Featured Image Custom Fields
CVSS 6.4
CVE-2025-43824 MEDIUM
Liferay Portal 7.4.0-7.4.3.111 & DXP 2023.Q4.0-2023.Q4.5 - Authenticated File Extension Manipulation
CVSS 5.4
CVE-2025-56382 MEDIUM
LionCoders SalePro POS 5.4.8 - Authenticated Stored Cross-Site Scripting via Customer Name Parameter
CVSS 6.1
CVE-2025-61769 MEDIUM
emlog <= 2.5.22 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2025-60967 HIGH
EndRun Technologies Sonoma D12 - XSS
CVSS 7.3
CVE-2025-60961 MEDIUM
EndRun Technologies Sonoma D12 - XSS
CVSS 6.1
CVE-2025-60958 HIGH
EndRun Technologies Sonoma D12 - XSS
CVSS 7.3
CVE-2025-61224 MEDIUM
DokuWiki 2025-05-14a - Cross-Site Scripting via q Parameter
CVSS 6.5
CVE-2025-61198 MEDIUM
Optimod 5950 5950HD 5750 5750HD Trio 1.0.0.33 System 2.5.26 - Stored Cross-Site Scripting in Log Renderer
CVSS 5.4