CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,128 vulnerabilities with CWE-79
CVE-2025-11124 LOW
code-projects Project Monitoring System 1.0 - XSS
CVSS 3.5
CVE-2025-11119 MEDIUM
iSourcecode Hostel Management System 1.0 - XSS
CVSS 4.3
CVE-2025-11112 MEDIUM
PHPGurukul Employee Record Management System 1.3 - XSS
CVSS 4.3
CVE-2025-11069 LOW
westboy CicadasCMS 1.0 - Cross-Site Scripting via Add Department Handler Name Parameter
CVSS 2.4
CVE-2025-11068 LOW
westboy CicadasCMS 1.0 - Cross-Site Scripting via categoryName Parameter
CVSS 2.4
CVE-2025-11067 LOW
Projectworlds Visitor Management System 1.0 - XSS
CVSS 2.4
CVE-2025-9816 HIGH
WP Statistics - WordPress <14.5.4 - XSS
CVSS 7.2
CVE-2025-8440 MEDIUM
Team Members plugin - WordPress <5.3.5 - XSS
CVSS 6.4
CVE-2025-36239 MEDIUM
IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 - Unauthenticated Cross-Site Scripting
CVSS 6.1
CVE-2025-57692 MEDIUM
PiranhaCMS 12.0 - Stored Cross-Site Scripting in Text Content Block
CVSS 6.8
CVE-2025-26258 MEDIUM
Sourcecodester Employee Management System 1.0 - Stored Cross-Site Scripting via Add Designation
CVSS 6.1
CVE-2025-11027 LOW
Vvveb < 1.0.7.2 - Cross-Site Scripting in SVG File Handler
CVSS 2.4
CVE-2025-6396 MEDIUM
Webbeyaz Website Design <2025.07.14 - XSS
CVSS 6.1
CVE-2025-57292 MEDIUM
Todoist v8484 - Stored Cross-Site Scripting via Avatar Upload
CVSS 6.1
CVE-2025-11019 LOW
Total.js CMS < 19.9.0 - Cross-Site Scripting in Files Menu
CVSS 2.4
CVE-2025-9642 HIGH
GitLab 14.10-18.2.6, 18.3-18.3.2, 18.4 - Cross-Site Scripting
CVSS 8.7
CVE-2025-60186 MEDIUM
Alex Moss Google+ Comments <1.0 - XSS
CVSS 5.9
CVE-2025-60185 MEDIUM
kontur Admin Style <= 1.0.4 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-60184 MEDIUM
SEO Search Permalink <= 1.0.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-60179 MEDIUM
Space Studio Click & Tweet <0.8.9 - XSS
CVSS 5.9
CVE-2025-60177 MEDIUM
rozx Recaptcha - wp <= 0.2.6 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-60163 MEDIUM
Robin W bbp topic count <= 3.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-60162 MEDIUM
PickPlugins Job Board Manager - XSS
CVSS 6.5
CVE-2025-60160 MEDIUM
SharkThemes Smart Related Products <2.0.5 - XSS
CVSS 5.9
CVE-2025-60158 MEDIUM
Nota Fiscal Eletrônica WooCommerce <3.4.0.6 - XSS
CVSS 5.9
Details
Vulnerabilities 45,128
Exploit Likelihood High