CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,128 vulnerabilities with CWE-79
CVE-2025-43815 MEDIUM
Liferay Portal 7.4.3.102-7.4.3.110 & DXP 2023.Q4.0-2023.Q4.2 - XSS via backURLTitle
CVSS 6.1
CVE-2025-43811 MEDIUM
Liferay DXP 2023.Q3.1-Q3.7 Authenticated Stored XSS via Asset Author Name
CVSS 5.4
CVE-2025-35034 MEDIUM
Medical Informatics Engineering Enterprise Health - Reflected Cross-Site Scripting via portlet_user_id Parameter
CVSS 4.3
CVE-2025-57877 MEDIUM
Esri Portal for ArcGIS <= 11.4 - Authenticated Reflected Cross-Site Scripting
CVSS 4.8
CVE-2025-57876 MEDIUM
Esri Portal for ArcGIS <= 11.4 - Authenticated Stored Cross-Site Scripting via File Upload
CVSS 4.8
CVE-2025-57875 MEDIUM
Esri Portal for ArcGIS 11.4 and below - Authenticated Reflected Cross-Site Scripting
CVSS 4.8
CVE-2025-57874 MEDIUM
Esri Portal for ArcGIS <= 11.4 - Authenticated Reflected Cross-Site Scripting
CVSS 4.8
CVE-2025-57873 MEDIUM
Esri Portal for ArcGIS <= 11.4 - Authenticated Reflected Cross-Site Scripting
CVSS 4.8
CVE-2025-57871 MEDIUM
Esri Portal for ArcGIS <= 11.4 - Authenticated Reflected Cross-Site Scripting
CVSS 4.8
CVE-2025-57424 HIGH
MyCourts v3 - Stored Cross-Site Scripting in LTA Number Profile Field
CVSS 7.3
CVE-2025-57483 HIGH
tawk.to chatbox widget v4 - Reflected Cross-Site Scripting via Vulnerable Parameter
CVSS 8.1
CVE-2025-56807 MEDIUM
FairSketch RISE Ultimate Project Manager & CRM 3.9.4 - Stored Cross-Site Scripting via Admin Dashboard File Explorer
CVSS 6.1
CVE-2025-56795 CRITICAL
mealie < 3.0.1 - Stored Cross-Site Scripting via Recipe Note and Text Fields
CVSS 9.0
CVE-2025-36352 MEDIUM
IBM License Metric Tool 9.2.0-9.2.40 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2025-11147 MEDIUM
apt-cacher-ng 3.2.1 - Reflected Cross-Site Scripting via HTML File Path
CVSS 5.4
CVE-2025-11146 MEDIUM
apt-cacher-ng 3.2.1 - Reflected Cross-Site Scripting via acng-report.html GET Parameter
CVSS 5.4
CVE-2025-10346 MEDIUM
Perfex CRM 3.2.1-3.3.9 - Stored Cross-Site Scripting via Knowledge Base Article Subject Parameter
CVSS 6.1
CVE-2025-10345 MEDIUM
Perfex CRM 3.2.1-3.3.9 - Stored Cross-Site Scripting via Lead Name and Address Parameters
CVSS 6.1
CVE-2025-10344 MEDIUM
Perfex CRM 3.2.1-3.3.9 - Stored Cross-Site Scripting via Project Name and Client ID Parameters
CVSS 6.1
CVE-2025-10343 MEDIUM
Perfex CRM 3.2.1-3.3.9 - Stored Cross-Site Scripting via Expense Name Parameter
CVSS 6.1
CVE-2025-10342 MEDIUM
Perfex CRM 3.2.1-3.3.9 - Stored Cross-Site Scripting via Subscriptions Name Parameter
CVSS 6.1
CVE-2025-10341 MEDIUM
Perfex CRM 3.2.1-3.3.9 - Stored Cross-Site Scripting via Company Parameter
CVSS 6.1
CVE-2025-11137 LOW
GstarCAD < 9.4.0 - Stored Cross-Site Scripting in File Renaming Handler
CVSS 3.5
CVE-2025-11134 LOW
Cudy TR1200 1.16.3-20230804-164635 - XSS
CVSS 2.4
CVE-2025-11125 MEDIUM
Langleyfcu Online Banking System <57437e6400ce0ae240e692c24e6346b8d...
CVSS 4.3