CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,128 vulnerabilities with CWE-79
CVE-2025-43779
MEDIUM
Liferay Portal 7.4.0-7.4.3.112 & DXP 2024.Q1.1-2024.Q1.18 - Authenticated XSS via productTypeName
CVSS 6.1
CVE-2025-58674
MEDIUM
WordPress 4.7-6.8.2 - Authenticated Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-59821
MEDIUM
Dnnsoftware Dotnetnuke < 10.1.0 - XSS
CVSS 6.5
CVE-2025-59548
MEDIUM
Dnnsoftware Dotnetnuke < 10.1.0 - XSS
CVSS 6.1
CVE-2025-59546
LOW
Dnnsoftware Dotnetnuke < 10.1.0 - XSS
CVSS 2.4
CVE-2025-59545
CRITICAL
Dnnsoftware Dotnetnuke < 10.1.0 - XSS
CVSS 9.0
CVE-2025-59539
MEDIUM
Dnnsoftware Dotnetnuke < 10.1.0 - XSS
CVSS 6.3
CVE-2025-0209
MEDIUM
WSO2 Identity Server - Reflected Cross-Site Scripting in Account Registration Flow
CVSS 6.1
CVE-2025-56304
MEDIUM
YzmCMS < 7.3 - Cross-Site Scripting via Referer Header in Register Page
CVSS 6.1
CVE-2025-57407
MEDIUM
Gp247 < 1.1.24 - XSS
CVSS 5.4
CVE-2025-4760
MEDIUM
WSO2 API Control Plane and API Manager - Authenticated Stored Cross-Site Scripting via API Document Upload
CVSS 4.8
CVE-2025-10244
HIGH
Autodesk Fusion >=2602.1.25 <2604.1.25 - Stored Cross-Site Scripting via HTML Payload
CVSS 8.7
CVE-2025-9798
HIGH
Netcad Software Inc. Netigma <6.3.5 V8 - XSS
CVSS 8.9
CVE-2025-8902
MEDIUM
Widget Options - Extended <5.2.1 - XSS
CVSS 6.4
CVE-2025-10837
LOW
Simple Food Ordering System 1.0 - Cross-Site Scripting via ID Parameter in order.php
CVSS 3.5
CVE-2025-58915
MEDIUM
Emarket-design YouTube Showcase <3.5.0 - XSS
CVSS 6.5
CVE-2025-10827
MEDIUM
PHPJabbers Restaurant Menu Maker <= 1.1 - Cross-Site Scripting via Preview Theme Parameter
CVSS 4.3
CVE-2025-57205
MEDIUM
iNiLabs School Express 6.2 - Authenticated Stored Cross-Site Scripting via Editor Parameters
CVSS 5.4
CVE-2025-57204
MEDIUM
Stocky 5.0 - Authenticated Stored Cross-Site Scripting via Product Name Parameter
CVSS 5.4
CVE-2025-59526
LOW
mailgen < 2.0.30 - Cross-Site Scripting via Plaintext Email Generation
CVE-2025-57203
MEDIUM
Liquidlabs Magicai - XSS
CVSS 4.8
CVE-2025-59592
MEDIUM
Fernando Acosta Make Column Clickable Elementor <1.6.0 - XSS
CVSS 6.5
CVE-2025-59590
MEDIUM
Media Library Assistant <3.28 - XSS
CVSS 5.9
CVE-2025-59589
MEDIUM
Soledad <= 8.6.8 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-59587
MEDIUM
PenciDesign Penci Shortcodes & Performance - XSS
CVSS 6.5