CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,122 vulnerabilities with CWE-79
CVE-2025-59762
MEDIUM
AndSoft e-TMS v25.03 - Reflected Cross-Site Scripting via LOGINFRM_DLG.ASP Parameters
CVSS 6.1
CVE-2025-59761
MEDIUM
AndSoft e-TMS v25.03 - Reflected Cross-Site Scripting via LOGINFRM_DLG.ASP Parameters
CVSS 6.1
CVE-2025-59760
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_DHL.ASP Parameters
CVSS 6.1
CVE-2025-59759
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_DELCROIX.ASP Parameters
CVSS 6.1
CVE-2025-59758
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_CYLOG.ASP Parameters
CVSS 6.1
CVE-2025-59757
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_CATOLD.ASP Parameters
CVSS 6.1
CVE-2025-59756
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via SuppConn Parameter
CVSS 6.1
CVE-2025-59755
MEDIUM
AndSoft e-TMS v25.03 - Reflected Cross-Site Scripting via LOGINFRM_CAT.ASP Parameters
CVSS 6.1
CVE-2025-59754
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_original.ASP Parameters
CVSS 6.1
CVE-2025-59753
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_BET.ASP Parameters
CVSS 6.1
CVE-2025-59752
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_LXA.ASP Parameters
CVSS 6.1
CVE-2025-59751
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM_DJO.ASP Parameters
CVSS 6.1
CVE-2025-59750
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via LOGINFRM.ASP Parameters
CVSS 6.1
CVE-2025-59749
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via 'l' Parameter
CVSS 6.1
CVE-2025-59748
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via 'l' and 'reset' Parameters
CVSS 6.1
CVE-2025-59747
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via 'l' Parameter
CVSS 6.1
CVE-2025-59746
MEDIUM
AndSoft e-TMS 25.03 - Reflected Cross-Site Scripting via 'm' Parameter in alert.asp
CVSS 6.1
CVE-2025-56379
MEDIUM
ERPNEXT v15.67.0 - Stored Cross-Site Scripting in Blog Post Content Field
CVSS 5.4
CVE-2025-40992
MEDIUM
Creativeitem Sociopro - Stored Cross-Site Scripting via Profile Update Name Parameter
CVE-2025-40991
MEDIUM
Ekushey CRM v5.0 - Stored Cross-Site Scripting via Project File Upload Description Parameter
CVSS 5.4
CVE-2025-40990
MEDIUM
Ekushey CRM 5.0 - Stored Cross-Site Scripting via Project Bug Title and Description Parameters
CVSS 5.4
CVE-2025-40989
MEDIUM
Ekushey CRM 5.0 - Stored Cross-Site Scripting via Message Parameter
CVSS 5.4
CVE-2025-40646
MEDIUM
Energy CRM v2025 - Stored Cross-Site Scripting via JobCreatedBy Parameter
CVSS 5.4
CVE-2025-57389
MEDIUM
Luci OpenWRT v18.06.2 - Reflected Cross-Site Scripting via /admin/system/packages Endpoint
CVSS 5.4
CVE-2025-57444
MEDIUM
Radware AlteonOS Web UI Management <v33.0.4.50 - XSS
CVSS 6.1
Details
Vulnerabilities
45,122
Exploit Likelihood
High