CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,114 vulnerabilities with CWE-79
CVE-2025-11333
LOW
Langleyfcu Online Banking System - XSS
CVSS 2.4
CVE-2025-11332
LOW
CmsEasy < 7.7.7.0 - Cross-Site Scripting via PHP_SELF Parameter
CVSS 3.5
CVE-2025-0609
MEDIUM
Logo Cloud < 1.18 - Cross-Site Scripting
CVSS 4.7
CVE-2025-9913
MEDIUM
SICK AG Baggage Analytics < 4.6.3 - Stored Cross-Site Scripting via Dashboard Open in New Tab Button
CVSS 4.5
CVE-2025-50538
HIGH
Flowise < 3.0.5 - Stored Cross-Site Scripting via IFRAME in Chat Log
CVSS 8.2
CVE-2025-29192
HIGH
Flowise < 3.0.5 - Stored Cross-Site Scripting via FORM and INPUT Elements in Chat Log
CVSS 8.2
CVE-2025-11308
LOW
Vanderlande Baggage 360 7.0.0 - XSS
CVSS 3.5
CVE-2025-11306
MEDIUM
qianfox FoxCMS <= 1.2 - Cross-Site Scripting via Search Page Keyword Parameter
CVSS 4.3
CVE-2025-11291
MEDIUM
ixmaps website2017 <0c71cffa0162186bc057a76766bc97e9f5a3a2d0 - XSS
CVSS 4.3
CVE-2025-11289
LOW
CicadasCMS <2431154dac8d0735e04f1fd2a3c3556668fc8dab - XSS
CVSS 2.4
CVE-2025-11283
LOW
Frappe LMS 2.35.0 - Cross-Site Scripting via Course Description Handler
CVSS 2.4
CVE-2025-11282
LOW
Frappe LMS 2.34.x-2.35.0 - Cross-Site Scripting
CVSS 2.4
CVE-2025-11278
MEDIUM
AllStarLink Supermon < 6.2 - Cross-Site Scripting in AllMon2
CVSS 4.3
CVE-2025-11276
LOW
Rebuild < 4.1.4 - Cross-Site Scripting in Comment/Guestbook
CVSS 3.5
CVE-2025-9952
MEDIUM
Trinity Audio - Text to Speech AI <5.20.2 - XSS
CVSS 6.1
CVE-2025-10383
MEDIUM
Contest Gallery < 27.0.2 - Authenticated Stored Cross-Site Scripting via Form Field Parameters
CVSS 6.4
CVE-2025-9030
MEDIUM
Majestic Before After Image <2.0.1 - XSS
CVSS 5.4
CVE-2025-8726
MEDIUM
WP Photo Album Plus <9.0.11.006 - XSS
CVSS 5.4
CVE-2025-61681
MEDIUM
KUNO CMS < 1.3.14 - Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2025-53354
MEDIUM
NiceGUI < 3.0.0 - Cross-Site Scripting via ui.html()
CVSS 6.1
CVE-2025-52653
HIGH
HCL MyXalytics - Cross-Site Scripting
CVSS 7.6
CVE-2025-60454
MEDIUM
MetInfo CMS 8.0 - Stored Cross-Site Scripting via SVG File Upload in Image Management Module
CVSS 6.1
CVE-2025-60453
MEDIUM
MetInfo CMS 8.0 - Stored Cross-Site Scripting via SVG File Upload in Column Management Module
CVSS 6.1
CVE-2025-60452
MEDIUM
MetInfo CMS 8.0 - Stored Cross-Site Scripting via SVG File Upload in Download Module
CVSS 6.1
CVE-2025-60451
MEDIUM
MetInfo CMS 8.0 - Stored Cross-Site Scripting via SVG File Upload in Website Settings Module
CVSS 6.1
Details
Vulnerabilities
45,114
Exploit Likelihood
High