CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,133 vulnerabilities with CWE-79
CVE-2025-36139 MEDIUM
IBM watsonx.data 2.2 - Stored Cross-Site Scripting
CVSS 5.5
CVE-2025-59417 MEDIUM
lobehub/lobe_chat < 1.129.4 - Cross-Site Scripting via SVG Rendering
CVSS 6.1
CVE-2025-57452 MEDIUM
realme BackupRestore 15.1.12_2810c08_250314 - Cross-Site Scripting via ADB Intent URI Scheme
CVSS 6.1
CVE-2025-9992 MEDIUM
Ghost Kit - Page Builder Blocks, Motion Effects & Extensions <3.4.3...
CVSS 6.4
CVE-2025-0547 MEDIUM
Paraşüt Bizmu 2.27.0-20250212 - XSS
CVSS 4.7
CVE-2025-10642 LOW
wangchenyi1996 chat_forum - Cross-Site Scripting via Path Parameter in q.php
CVSS 3.5
CVE-2025-10632 LOW
Online Petshop Management System 1.0 - Stored Cross-Site Scripting in Admin Dashboard via availableframe.php
CVSS 3.5
CVE-2025-10631 LOW
Online Petshop Management System 1.0 - Stored Cross-Site Scripting via addcnp.php Name/Description Parameter
CVSS 3.5
CVE-2025-59415 MEDIUM
Frappe Learning < 2.35.0 - Stored Cross-Site Scripting via Profile Bio SVG Upload
CVSS 4.6
CVE-2025-37122 MEDIUM
Network Access Control Services - XSS
CVSS 6.1
CVE-2025-10614 MEDIUM
E-Logbook with Health Monitoring System for COVID-19 1.0 - Cross-Site Scripting via profile_id Parameter
CVSS 4.3
CVE-2025-10606 MEDIUM
Portabilis i-educar < 2.10.0 - Cross-Site Scripting via tipoacao Parameter in ConfiguracaoMovimentoGeral
CVSS 4.3
CVE-2025-10605 MEDIUM
Portabilis i-educar < 2.10.0 - Cross-Site Scripting via tipoacao Parameter in agenda_preferencias.php
CVSS 4.3
CVE-2025-0879 MEDIUM
Shopside App < 17.02.2025 - Authenticated Cross-Site Scripting
CVSS 4.7
CVE-2025-8411 HIGH
Dokuzsoft Technology E-Commerce <11.08.2025 - XSS
CVSS 7.1
CVE-2025-0546 MEDIUM
MevzuatTR < 12.02.2025 - Authenticated Clickjacking via iFrame Overlay
CVSS 4.7
CVE-2025-10591 LOW
Portabilis i-educar < 2.10.0 - Stored Cross-Site Scripting via educar_funcao_cad.php abreviatura/tipoacao Parameters
CVSS 3.5
CVE-2025-10590 MEDIUM
Portabilis i-educar < 2.10.0 - Cross-Site Scripting via ref_pessoa Parameter
CVSS 4.3
CVE-2025-0420 MEDIUM
Paraşüt Software Paraşüt <20250204 - XSS
CVSS 4.7
CVE-2025-0419 MEDIUM
Zirve Nova 235-20250131 - Cross-Site Scripting
CVSS 4.7
CVE-2025-9565 MEDIUM
Blocksy Companion <= 2.1.10 - Authenticated Stored Cross-Site Scripting via Newsletter Subscribe Shortcode
CVSS 6.4
CVE-2025-9203 MEDIUM
Media Player Addons for Elementor <1.0.5 - XSS
CVSS 6.4
CVE-2025-10584 LOW
Portabilis i-Educar < 2.10.0 - Cross-Site Scripting via nm_anotacao/descricao Parameter
CVSS 3.5
CVE-2025-9851 MEDIUM
Appointmind <= 4.1.0 - Authenticated Stored Cross-Site Scripting via appointmind_calendar Shortcode
CVSS 6.4
CVE-2025-8394 MEDIUM
Productive Style < 1.1.23 - Authenticated Stored Cross-Site Scripting via display_productive_breadcrumb Shortcode
CVSS 6.4