CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,114 vulnerabilities with CWE-79
CVE-2025-11333 LOW
Langleyfcu Online Banking System - XSS
CVSS 2.4
CVE-2025-11332 LOW
CmsEasy < 7.7.7.0 - Cross-Site Scripting via PHP_SELF Parameter
CVSS 3.5
CVE-2025-0609 MEDIUM
Logo Cloud < 1.18 - Cross-Site Scripting
CVSS 4.7
CVE-2025-9913 MEDIUM
SICK AG Baggage Analytics < 4.6.3 - Stored Cross-Site Scripting via Dashboard Open in New Tab Button
CVSS 4.5
CVE-2025-50538 HIGH
Flowise < 3.0.5 - Stored Cross-Site Scripting via IFRAME in Chat Log
CVSS 8.2
CVE-2025-29192 HIGH
Flowise < 3.0.5 - Stored Cross-Site Scripting via FORM and INPUT Elements in Chat Log
CVSS 8.2
CVE-2025-11308 LOW
Vanderlande Baggage 360 7.0.0 - XSS
CVSS 3.5
CVE-2025-11306 MEDIUM
qianfox FoxCMS <= 1.2 - Cross-Site Scripting via Search Page Keyword Parameter
CVSS 4.3
CVE-2025-11291 MEDIUM
ixmaps website2017 <0c71cffa0162186bc057a76766bc97e9f5a3a2d0 - XSS
CVSS 4.3
CVE-2025-11289 LOW
CicadasCMS <2431154dac8d0735e04f1fd2a3c3556668fc8dab - XSS
CVSS 2.4
CVE-2025-11283 LOW
Frappe LMS 2.35.0 - Cross-Site Scripting via Course Description Handler
CVSS 2.4
CVE-2025-11282 LOW
Frappe LMS 2.34.x-2.35.0 - Cross-Site Scripting
CVSS 2.4
CVE-2025-11278 MEDIUM
AllStarLink Supermon < 6.2 - Cross-Site Scripting in AllMon2
CVSS 4.3
CVE-2025-11276 LOW
Rebuild < 4.1.4 - Cross-Site Scripting in Comment/Guestbook
CVSS 3.5
CVE-2025-9952 MEDIUM
Trinity Audio - Text to Speech AI <5.20.2 - XSS
CVSS 6.1
CVE-2025-10383 MEDIUM
Contest Gallery < 27.0.2 - Authenticated Stored Cross-Site Scripting via Form Field Parameters
CVSS 6.4
CVE-2025-9030 MEDIUM
Majestic Before After Image <2.0.1 - XSS
CVSS 5.4
CVE-2025-8726 MEDIUM
WP Photo Album Plus <9.0.11.006 - XSS
CVSS 5.4
CVE-2025-61681 MEDIUM
KUNO CMS < 1.3.14 - Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2025-53354 MEDIUM
NiceGUI < 3.0.0 - Cross-Site Scripting via ui.html()
CVSS 6.1
CVE-2025-52653 HIGH
HCL MyXalytics - Cross-Site Scripting
CVSS 7.6
CVE-2025-60454 MEDIUM
MetInfo CMS 8.0 - Stored Cross-Site Scripting via SVG File Upload in Image Management Module
CVSS 6.1
CVE-2025-60453 MEDIUM
MetInfo CMS 8.0 - Stored Cross-Site Scripting via SVG File Upload in Column Management Module
CVSS 6.1
CVE-2025-60452 MEDIUM
MetInfo CMS 8.0 - Stored Cross-Site Scripting via SVG File Upload in Download Module
CVSS 6.1
CVE-2025-60451 MEDIUM
MetInfo CMS 8.0 - Stored Cross-Site Scripting via SVG File Upload in Website Settings Module
CVSS 6.1