CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,133 vulnerabilities with CWE-79
CVE-2025-59412 MEDIUM
CubeCart < 6.5.11 - Stored Cross-Site Scripting in Product Review Description
CVSS 5.4
CVE-2025-59411 MEDIUM
CubeCart < 6.5.11 - Cross-Site Scripting via Contact Form Enquiry Field
CVSS 5.4
CVE-2025-43807 MEDIUM
Liferay Portal 7.4.0-7.4.3.112 and DXP 2023.Q3.1-2023.Q3.10 - Stored Cross-Site Scripting in Notifications Widget
CVSS 5.4
CVE-2025-10794 MEDIUM
PHPGurukul Car Rental Project 3.0 - Cross-Site Scripting via search.php autofocus Parameter
CVSS 4.3
CVE-2025-9035 MEDIUM
Horato Internet Technologies Ind. And Trade Inc. Virtual Library Pl...
CVSS 5.4
CVE-2025-8079 MEDIUM
Smart Trade E-Commerce <4.5.0.0.1 - XSS
CVSS 4.6
CVE-2025-53692 HIGH
Sitecore Experience Manager (XM) 9.2-10.4 and Experience Platform (XP) 9.2-10.4 - Cross-Site Scripting
CVSS 7.1
CVE-2025-10758 LOW
htmly < 3.1.0 - Cross-Site Scripting via Custom Field Handler Label Parameter
CVSS 2.4
CVE-2025-10181 MEDIUM
Draft List <= 2.6 - Authenticated Stored Cross-Site Scripting via 'drafts' Shortcode
CVSS 6.4
CVE-2025-56762 MEDIUM
Paracrawl KeOPs v2 - Cross-Site Scripting in error.php
CVSS 6.1
CVE-2025-26514 MEDIUM
StorageGRID < 11.8.0.15 - Reflected Cross-Site Scripting
CVSS 6.4
CVE-2025-36248 MEDIUM
IBM Copy Services Manager < 6.3.14 - Unauthenticated Cross-Site Scripting
CVSS 6.1
CVE-2025-8664 MEDIUM
StarCities E-Municipality Management <20250825 - XSS
CVSS 6.3
CVE-2025-58114 MEDIUM
BlueSpice 5.0-5.1.1 - Cross-Site Scripting in CognitiveProcessDesigner Extension
CVSS 4.8
CVE-2025-57880 MEDIUM
BlueSpice 5.0-5.1.1 - Cross-Site Scripting in BlueSpiceWhoIsOnline Extension
CVSS 5.4
CVE-2025-48007 MEDIUM
BlueSpice 5.0-5.1.1 - Cross-Site Scripting in BlueSpiceAvatars Extension
CVSS 6.4
CVE-2025-46703 MEDIUM
BlueSpice 5.0-5.1.1 - Cross-Site Scripting in AtMentions Extension
CVSS 6.4
CVE-2025-10711 MEDIUM
07FLYCMS, 07FLY-CMS, 07FlyCRM <20250831 - XSS
CVSS 4.3
CVE-2025-10710 MEDIUM
07FLYCMS 07FLY-CMS 07FlyCRM < 20250831 - Cross-Site Scripting via Name Parameter
CVSS 4.3
CVE-2025-9969 HIGH
Vizly Web Design Real Estate Packages <5.1 - XSS
CVSS 7.1
CVE-2025-10146 MEDIUM
WordPress Download Manager <3.3.23 - XSS
CVSS 6.1
CVE-2025-59715 MEDIUM
SMSEagle < 6.11 - Reflected Cross-Site Scripting via Username or Contact Phone Number
CVSS 4.8
CVE-2025-59712 MEDIUM
Snipe-IT < 8.1.18 - Cross-Site Scripting
CVSS 6.4
CVE-2025-30755 MEDIUM
OpenGrok 1.14.1 - Reflected Cross-Site Scripting via Revision Parameter
CVSS 6.1
CVE-2025-59424 HIGH
LinkAce < 2.3.1 - Stored Cross-Site Scripting via Username Field in Audit Log
CVSS 7.3