CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,128 vulnerabilities with CWE-79
CVE-2025-43779 MEDIUM
Liferay Portal 7.4.0-7.4.3.112 & DXP 2024.Q1.1-2024.Q1.18 - Authenticated XSS via productTypeName
CVSS 6.1
CVE-2025-58674 MEDIUM
WordPress 4.7-6.8.2 - Authenticated Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-59821 MEDIUM
Dnnsoftware Dotnetnuke < 10.1.0 - XSS
CVSS 6.5
CVE-2025-59548 MEDIUM
Dnnsoftware Dotnetnuke < 10.1.0 - XSS
CVSS 6.1
CVE-2025-59546 LOW
Dnnsoftware Dotnetnuke < 10.1.0 - XSS
CVSS 2.4
CVE-2025-59545 CRITICAL
Dnnsoftware Dotnetnuke < 10.1.0 - XSS
CVSS 9.0
CVE-2025-59539 MEDIUM
Dnnsoftware Dotnetnuke < 10.1.0 - XSS
CVSS 6.3
CVE-2025-0209 MEDIUM
WSO2 Identity Server - Reflected Cross-Site Scripting in Account Registration Flow
CVSS 6.1
CVE-2025-56304 MEDIUM
YzmCMS < 7.3 - Cross-Site Scripting via Referer Header in Register Page
CVSS 6.1
CVE-2025-57407 MEDIUM
Gp247 < 1.1.24 - XSS
CVSS 5.4
CVE-2025-4760 MEDIUM
WSO2 API Control Plane and API Manager - Authenticated Stored Cross-Site Scripting via API Document Upload
CVSS 4.8
CVE-2025-10244 HIGH
Autodesk Fusion >=2602.1.25 <2604.1.25 - Stored Cross-Site Scripting via HTML Payload
CVSS 8.7
CVE-2025-9798 HIGH
Netcad Software Inc. Netigma <6.3.5 V8 - XSS
CVSS 8.9
CVE-2025-8902 MEDIUM
Widget Options - Extended <5.2.1 - XSS
CVSS 6.4
CVE-2025-10837 LOW
Simple Food Ordering System 1.0 - Cross-Site Scripting via ID Parameter in order.php
CVSS 3.5
CVE-2025-58915 MEDIUM
Emarket-design YouTube Showcase <3.5.0 - XSS
CVSS 6.5
CVE-2025-10827 MEDIUM
PHPJabbers Restaurant Menu Maker <= 1.1 - Cross-Site Scripting via Preview Theme Parameter
CVSS 4.3
CVE-2025-57205 MEDIUM
iNiLabs School Express 6.2 - Authenticated Stored Cross-Site Scripting via Editor Parameters
CVSS 5.4
CVE-2025-57204 MEDIUM
Stocky 5.0 - Authenticated Stored Cross-Site Scripting via Product Name Parameter
CVSS 5.4
CVE-2025-59526 LOW
mailgen < 2.0.30 - Cross-Site Scripting via Plaintext Email Generation
CVE-2025-57203 MEDIUM
Liquidlabs Magicai - XSS
CVSS 4.8
CVE-2025-59592 MEDIUM
Fernando Acosta Make Column Clickable Elementor <1.6.0 - XSS
CVSS 6.5
CVE-2025-59590 MEDIUM
Media Library Assistant <3.28 - XSS
CVSS 5.9
CVE-2025-59589 MEDIUM
Soledad <= 8.6.8 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-59587 MEDIUM
PenciDesign Penci Shortcodes & Performance - XSS
CVSS 6.5