CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,133 vulnerabilities with CWE-79
CVE-2025-8153 MEDIUM
NEC UNIVERGE IX and IX-R/IX-V - Cross-Site Scripting
CVE-2025-10166 MEDIUM
Social Media Shortcodes <1.3.1 - XSS
CVSS 6.4
CVE-2025-43804 MEDIUM
Liferay Portal 7.4.3.93-7.4.3.111 & DXP 2023.Q4.0, 2023.Q3.1-2023.Q3.4 - XSS via Search Widget UserId
CVSS 6.1
CVE-2025-10566 MEDIUM
Campcodes Grocery Sales and Inventory System 1.0 - Cross-Site Scripting via Page Parameter
CVSS 4.3
CVE-2025-58174 MEDIUM
LDAP Account Manager < 9.3 - Authenticated Stored Cross-Site Scripting via Profile Name Field
CVSS 4.6
CVE-2025-57145 MEDIUM
phpgurukul auto_taxi_stand_management_system - Stored Cross-Site Scripting via search-autootaxi.php Form Field
CVSS 5.4
CVE-2025-56293 MEDIUM
code-projects Human Resource Integrated System 1.0 - Stored Cross-Site Scripting in Child Name Field
CVSS 5.4
CVE-2025-56289 MEDIUM
code-projects Document Management System 1.0 - Stored Cross-Site Scripting via Company Field
CVSS 5.4
CVE-2025-56280 MEDIUM
Food Ordering Review System 1.0 - Stored Cross-Site Scripting in Reservation Submission
CVSS 5.4
CVE-2025-8276 MEDIUM
Patika Global Technologies HumanSuite <53.21.0 - XSS
CVSS 4.3
CVE-2025-56276 MEDIUM
Food Ordering Review System 1.0 - Stored Cross-Site Scripting via Registration Username
CVSS 5.4
CVE-2025-55834 MEDIUM
JeeWMS < 3.7 - Cross-Site Scripting via logController.do
CVSS 6.1
CVE-2025-10546 MEDIUM
PPC XPON ONT 2K15X - Reflected Cross-Site Scripting via CGI Parameter Injection
CVE-2025-10534 HIGH
Firefox and Thunderbird < 143.0 - Spoofing via Site Permissions Component
CVSS 8.1
CVE-2025-6575 MEDIUM
Dolusoft Omaspot < 12.09.2025 - Reflected Cross-Site Scripting
CVSS 5.4
CVE-2025-56697 MEDIUM
Kashipara Computer Base Test 1.0 - Stored Cross-Site Scripting via smyFeedbacks POST Parameter
CVSS 6.1
CVE-2025-2404 MEDIUM
Ubit Information Technologies STOYS 2-20250916 - Cross-Site Scripting
CVSS 4.3
CVE-2025-10316 LOW
TYPO3 Form to Database < 2.2.5, 3.0.0-3.2.1, 4.0.0-4.2.2, 5.0.0-5.0.1 - Cross-Site Scripting
CVE-2025-10485 MEDIUM
pojoin h3blog <5bf704425ebc11f4c24da51f32f36bb17ae20489 - XSS
CVSS 4.3
CVE-2025-6947 MEDIUM
WatchGuard Fireware OS -12.0-12.11.2 - XSS
CVE-2025-57117 MEDIUM
Rems' Employee Management System 1.0 - Stored Cross-Site Scripting in Department Name Field
CVSS 5.4
CVE-2025-43802 MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.4 - Stored Cross-Site Scripting via Custom Object API External Reference Code
CVSS 6.1
CVE-2025-59332 HIGH
3DAlloy 1.0-1.8 - Stored Cross-Site Scripting via Custom Canvas Attributes
CVSS 8.6
CVE-2025-45091 MEDIUM
Seafile 11.0.18-Pro 12.0.10 12.0.10-Pro - Authenticated Stored Cross-Site Scripting via Username
CVSS 5.4
CVE-2025-43800 MEDIUM
Liferay Portal 7.4.3.20-7.4.3.111 and DXP 2023.Q3.1-2023.Q3.4 - Stored Cross-Site Scripting in Rich Text Object Field
CVSS 6.1