CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,133 vulnerabilities with CWE-79
CVE-2025-59412
MEDIUM
CubeCart < 6.5.11 - Stored Cross-Site Scripting in Product Review Description
CVSS 5.4
CVE-2025-59411
MEDIUM
CubeCart < 6.5.11 - Cross-Site Scripting via Contact Form Enquiry Field
CVSS 5.4
CVE-2025-43807
MEDIUM
Liferay Portal 7.4.0-7.4.3.112 and DXP 2023.Q3.1-2023.Q3.10 - Stored Cross-Site Scripting in Notifications Widget
CVSS 5.4
CVE-2025-10794
MEDIUM
PHPGurukul Car Rental Project 3.0 - Cross-Site Scripting via search.php autofocus Parameter
CVSS 4.3
CVE-2025-9035
MEDIUM
Horato Internet Technologies Ind. And Trade Inc. Virtual Library Pl...
CVSS 5.4
CVE-2025-8079
MEDIUM
Smart Trade E-Commerce <4.5.0.0.1 - XSS
CVSS 4.6
CVE-2025-53692
HIGH
Sitecore Experience Manager (XM) 9.2-10.4 and Experience Platform (XP) 9.2-10.4 - Cross-Site Scripting
CVSS 7.1
CVE-2025-10758
LOW
htmly < 3.1.0 - Cross-Site Scripting via Custom Field Handler Label Parameter
CVSS 2.4
CVE-2025-10181
MEDIUM
Draft List <= 2.6 - Authenticated Stored Cross-Site Scripting via 'drafts' Shortcode
CVSS 6.4
CVE-2025-56762
MEDIUM
Paracrawl KeOPs v2 - Cross-Site Scripting in error.php
CVSS 6.1
CVE-2025-26514
MEDIUM
StorageGRID < 11.8.0.15 - Reflected Cross-Site Scripting
CVSS 6.4
CVE-2025-36248
MEDIUM
IBM Copy Services Manager < 6.3.14 - Unauthenticated Cross-Site Scripting
CVSS 6.1
CVE-2025-8664
MEDIUM
StarCities E-Municipality Management <20250825 - XSS
CVSS 6.3
CVE-2025-58114
MEDIUM
BlueSpice 5.0-5.1.1 - Cross-Site Scripting in CognitiveProcessDesigner Extension
CVSS 4.8
CVE-2025-57880
MEDIUM
BlueSpice 5.0-5.1.1 - Cross-Site Scripting in BlueSpiceWhoIsOnline Extension
CVSS 5.4
CVE-2025-48007
MEDIUM
BlueSpice 5.0-5.1.1 - Cross-Site Scripting in BlueSpiceAvatars Extension
CVSS 6.4
CVE-2025-46703
MEDIUM
BlueSpice 5.0-5.1.1 - Cross-Site Scripting in AtMentions Extension
CVSS 6.4
CVE-2025-10711
MEDIUM
07FLYCMS, 07FLY-CMS, 07FlyCRM <20250831 - XSS
CVSS 4.3
CVE-2025-10710
MEDIUM
07FLYCMS 07FLY-CMS 07FlyCRM < 20250831 - Cross-Site Scripting via Name Parameter
CVSS 4.3
CVE-2025-9969
HIGH
Vizly Web Design Real Estate Packages <5.1 - XSS
CVSS 7.1
CVE-2025-10146
MEDIUM
WordPress Download Manager <3.3.23 - XSS
CVSS 6.1
CVE-2025-59715
MEDIUM
SMSEagle < 6.11 - Reflected Cross-Site Scripting via Username or Contact Phone Number
CVSS 4.8
CVE-2025-59712
MEDIUM
Snipe-IT < 8.1.18 - Cross-Site Scripting
CVSS 6.4
CVE-2025-30755
MEDIUM
OpenGrok 1.14.1 - Reflected Cross-Site Scripting via Revision Parameter
CVSS 6.1
CVE-2025-59424
HIGH
LinkAce < 2.3.1 - Stored Cross-Site Scripting via Username Field in Audit Log
CVSS 7.3
Details
Vulnerabilities
45,133
Exploit Likelihood
High