CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,122 vulnerabilities with CWE-79
CVE-2025-59762 MEDIUM
AndSoft e-TMS v25.03 - Reflected Cross-Site Scripting via LOGINFRM_DLG.ASP Parameters
CVSS 6.1
CVE-2025-59761 MEDIUM
AndSoft e-TMS v25.03 - Reflected Cross-Site Scripting via LOGINFRM_DLG.ASP Parameters
CVSS 6.1
CVE-2025-59760 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_DHL.ASP Parameters
CVSS 6.1
CVE-2025-59759 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_DELCROIX.ASP Parameters
CVSS 6.1
CVE-2025-59758 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_CYLOG.ASP Parameters
CVSS 6.1
CVE-2025-59757 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_CATOLD.ASP Parameters
CVSS 6.1
CVE-2025-59756 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via SuppConn Parameter
CVSS 6.1
CVE-2025-59755 MEDIUM
AndSoft e-TMS v25.03 - Reflected Cross-Site Scripting via LOGINFRM_CAT.ASP Parameters
CVSS 6.1
CVE-2025-59754 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_original.ASP Parameters
CVSS 6.1
CVE-2025-59753 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_BET.ASP Parameters
CVSS 6.1
CVE-2025-59752 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_LXA.ASP Parameters
CVSS 6.1
CVE-2025-59751 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_DJO.ASP Parameters
CVSS 6.1
CVE-2025-59750 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM.ASP Parameters
CVSS 6.1
CVE-2025-59749 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via 'l' Parameter
CVSS 6.1
CVE-2025-59748 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via 'l' and 'reset' Parameters
CVSS 6.1
CVE-2025-59747 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via 'l' Parameter
CVSS 6.1
CVE-2025-59746 MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via 'm' Parameter in alert.asp
CVSS 6.1
CVE-2025-56379 MEDIUM
ERPNEXT v15.67.0 - Stored Cross-Site Scripting in Blog Post Content Field
CVSS 5.4
CVE-2025-40992 MEDIUM
Creativeitem Sociopro - Stored Cross-Site Scripting via Profile Update Name Parameter
CVE-2025-40991 MEDIUM
Ekushey CRM v5.0 - Stored Cross-Site Scripting via Project File Upload Description Parameter
CVSS 5.4
CVE-2025-40990 MEDIUM
Ekushey CRM 5.0 - Stored Cross-Site Scripting via Project Bug Title and Description Parameters
CVSS 5.4
CVE-2025-40989 MEDIUM
Ekushey CRM 5.0 - Stored Cross-Site Scripting via Message Parameter
CVSS 5.4
CVE-2025-40646 MEDIUM
Energy CRM v2025 - Stored Cross-Site Scripting via JobCreatedBy Parameter
CVSS 5.4
CVE-2025-57389 MEDIUM
Luci OpenWRT v18.06.2 - Reflected Cross-Site Scripting via /admin/system/packages Endpoint
CVSS 5.4
CVE-2025-57444 MEDIUM
Radware AlteonOS Web UI Management <v33.0.4.50 - XSS
CVSS 6.1