CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,122 vulnerabilities with CWE-79
CVE-2025-60991 HIGH
Codazon Magento Themes <2.4.7 - XSS
CVSS 8.8
CVE-2025-57393 HIGH
Kissflow Work Platform 7337 Account 2.0-4.2 - Stored Cross-Site Scripting
CVSS 8.8
CVE-2025-34182 MEDIUM
OPNsense < 25.7.4 - Authenticated Stored Cross-Site Scripting via ptpid Parameter
CVE-2025-20368 MEDIUM
Splunk Enterprise <9.4.4, 9.3.6, 9.2.8 - XSS
CVSS 5.7
CVE-2025-20367 MEDIUM
Splunk Enterprise <9.4.4, 9.3.6, 9.2.8 - Code Injection
CVSS 5.7
CVE-2025-20361 MEDIUM
Cisco Unified Communications Manager < 12.5(1)SU5, < 14SU1 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2025-20357 MEDIUM
Cisco Cyber Vision Center - Authenticated Stored Cross-Site Scripting in Reports Page
CVSS 5.4
CVE-2025-20356 MEDIUM
Cisco Cyber Vision Center < 5.2.0 - Authenticated Stored Cross-Site Scripting via Sensor Explorer Page
CVSS 5.4
CVE-2025-56515 HIGH
Fiora 1.0.0 - Stored Cross-Site Scripting via Malicious SVG Avatar Upload
CVSS 8.8
CVE-2025-56514 MEDIUM
Fiora 1.0.0 - Stored Cross-Site Scripting via Malicious SVG File Rendering
CVSS 5.4
CVE-2025-40648 MEDIUM
Issabel < 5.0.0-2 - Stored Cross-Site Scripting via 'numero_conferencia' Parameter
CVE-2025-40647 MEDIUM
Issabel < 5.0.0-4 - Stored Cross-Site Scripting via Email Parameter in Address Book
CVE-2025-9075 MEDIUM
ZoloBlocks < 2.3.10 - Authenticated Stored Cross-Site Scripting via Gutenberg Block Attributes
CVSS 6.4
CVE-2025-43826 MEDIUM
Liferay Portal 7.4.0-7.4.3.112 and DXP 2023.Q4.0-2023.Q4.8 - Stored Cross-Site Scripting in Web Content Translation
CVSS 5.4
CVE-2025-36132 MEDIUM
IBM Planning Analytics Local 2.0.0-2.0.106 and 2.1.0-2.1.13 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-56200 MEDIUM
validator.js < 13.15.20 - Cross-Site Scripting via URL Validation Bypass
CVSS 6.1
CVE-2025-56018 MEDIUM
SourceCodester Web-based Pharmacy Product Management System V1.0 - XSS
CVSS 6.1
CVE-2025-54476 MEDIUM
Joomla Filter 4.0.0-4.0.1 - Cross-Site Scripting in checkAttribute Method
CVE-2025-28016 MEDIUM
PHPGurukul User Registration & Login System 3.3 - Reflected XSS via fname/lname/contact
CVSS 4.8
CVE-2025-9852 MEDIUM
Yoga Schedule Momoyoga <2.9.0 - XSS
CVSS 6.4
CVE-2025-8777 MEDIUM
planetcalc < 2.2 - Authenticated Stored Cross-Site Scripting via Language Parameter
CVSS 6.4
CVE-2025-8624 MEDIUM
Nexa Blocks < 1.1.0 - Authenticated Stored Cross-Site Scripting via Google Maps Widget
CVSS 6.4
CVE-2025-8623 MEDIUM
WeedMaps Menu for WordPress <= 1.2.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-8608 MEDIUM
Elementor Yandex Maps <1.6.11 - XSS
CVSS 6.4
CVE-2025-8566 MEDIUM
GutenBee - Gutenberg Blocks <2.18.0 - XSS
CVSS 6.4