CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,128 vulnerabilities with CWE-79
CVE-2025-43815
MEDIUM
Liferay Portal 7.4.3.102-7.4.3.110 & DXP 2023.Q4.0-2023.Q4.2 - XSS via backURLTitle
CVSS 6.1
CVE-2025-43811
MEDIUM
Liferay DXP 2023.Q3.1-Q3.7 Authenticated Stored XSS via Asset Author Name
CVSS 5.4
CVE-2025-35034
MEDIUM
Medical Informatics Engineering Enterprise Health - Reflected Cross-Site Scripting via portlet_user_id Parameter
CVSS 4.3
CVE-2025-57877
MEDIUM
Esri Portal for ArcGIS <= 11.4 - Authenticated Reflected Cross-Site Scripting
CVSS 4.8
CVE-2025-57876
MEDIUM
Esri Portal for ArcGIS <= 11.4 - Authenticated Stored Cross-Site Scripting via File Upload
CVSS 4.8
CVE-2025-57875
MEDIUM
Esri Portal for ArcGIS 11.4 and below - Authenticated Reflected Cross-Site Scripting
CVSS 4.8
CVE-2025-57874
MEDIUM
Esri Portal for ArcGIS <= 11.4 - Authenticated Reflected Cross-Site Scripting
CVSS 4.8
CVE-2025-57873
MEDIUM
Esri Portal for ArcGIS <= 11.4 - Authenticated Reflected Cross-Site Scripting
CVSS 4.8
CVE-2025-57871
MEDIUM
Esri Portal for ArcGIS <= 11.4 - Authenticated Reflected Cross-Site Scripting
CVSS 4.8
CVE-2025-57424
HIGH
MyCourts v3 - Stored Cross-Site Scripting in LTA Number Profile Field
CVSS 7.3
CVE-2025-57483
HIGH
tawk.to chatbox widget v4 - Reflected Cross-Site Scripting via Vulnerable Parameter
CVSS 8.1
CVE-2025-56807
MEDIUM
FairSketch RISE Ultimate Project Manager & CRM 3.9.4 - Stored Cross-Site Scripting via Admin Dashboard File Explorer
CVSS 6.1
CVE-2025-56795
CRITICAL
mealie < 3.0.1 - Stored Cross-Site Scripting via Recipe Note and Text Fields
CVSS 9.0
CVE-2025-36352
MEDIUM
IBM License Metric Tool 9.2.0-9.2.40 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2025-11147
MEDIUM
apt-cacher-ng 3.2.1 - Reflected Cross-Site Scripting via HTML File Path
CVSS 5.4
CVE-2025-11146
MEDIUM
apt-cacher-ng 3.2.1 - Reflected Cross-Site Scripting via acng-report.html GET Parameter
CVSS 5.4
CVE-2025-10346
MEDIUM
Perfex CRM 3.2.1-3.3.9 - Stored Cross-Site Scripting via Knowledge Base Article Subject Parameter
CVSS 6.1
CVE-2025-10345
MEDIUM
Perfex CRM 3.2.1-3.3.9 - Stored Cross-Site Scripting via Lead Name and Address Parameters
CVSS 6.1
CVE-2025-10344
MEDIUM
Perfex CRM 3.2.1-3.3.9 - Stored Cross-Site Scripting via Project Name and Client ID Parameters
CVSS 6.1
CVE-2025-10343
MEDIUM
Perfex CRM 3.2.1-3.3.9 - Stored Cross-Site Scripting via Expense Name Parameter
CVSS 6.1
CVE-2025-10342
MEDIUM
Perfex CRM 3.2.1-3.3.9 - Stored Cross-Site Scripting via Subscriptions Name Parameter
CVSS 6.1
CVE-2025-10341
MEDIUM
Perfex CRM 3.2.1-3.3.9 - Stored Cross-Site Scripting via Company Parameter
CVSS 6.1
CVE-2025-11137
LOW
GstarCAD < 9.4.0 - Stored Cross-Site Scripting in File Renaming Handler
CVSS 3.5
CVE-2025-11134
LOW
Cudy TR1200 1.16.3-20230804-164635 - XSS
CVSS 2.4
CVE-2025-11125
MEDIUM
Langleyfcu Online Banking System <57437e6400ce0ae240e692c24e6346b8d...
CVSS 4.3
Details
Vulnerabilities: 45,128
Exploit Likelihood: High