CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,133 vulnerabilities with CWE-79
CVE-2025-52344 MEDIUM
Explorance Blue 8.1.2 - Stored Cross-Site Scripting via Group Name and Project Description Input Fields
CVSS 6.1
CVE-2025-43791 MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.4 - Stored Cross-Site Scripting via Rich Text Field Injection
CVSS 6.1
CVE-2025-58177 MEDIUM
n8n 1.24.0-1.106.9 - Authenticated Stored Cross-Site Scripting via LangChain Chat Trigger Initial Messages
CVSS 5.4
CVE-2025-58172 MEDIUM
drawnix < 0.3.0 - Cross-Site Scripting via Debug Logging Function
CVE-2025-56252 MEDIUM
ServitiumCRM 2.10 - Cross-Site Scripting via Mobile Parameter
CVSS 6.1
CVE-2025-43794 MEDIUM
Liferay DXP <7.3 & 7.4.0-7.4.3.111 - Authenticated Stored XSS via CDN Host
CVSS 4.8
CVE-2025-9826 MEDIUM
M-Files Hubshare < 25.8 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-10434 LOW
IbuyuCMS <= 2.6.3 - Cross-Site Scripting via Article Title Parameter
CVSS 2.4
CVE-2025-10411 MEDIUM
E-Logbook with Health Monitoring System for COVID-19 1.0 - Cross-Site Scripting via profile_id Parameter
CVSS 4.3
CVE-2025-10388 LOW
Selleo Mentingo 2025.08.27 - Cross-Site Scripting via Create New Course Description Parameter
CVSS 3.5
CVE-2025-10386 MEDIUM
Yida ECMS Consulting Enterprise Management System 1.0 - XSS
CVSS 4.3
CVE-2025-10373 LOW
Portabilis i-Educar < 2.10.0 - Cross-Site Scripting via nm_tipo Argument
CVSS 3.5
CVE-2025-10372 LOW
Portabilis i-educar < 2.10.0 - Cross-Site Scripting via nm_tipo/descricao Parameter
CVSS 3.5
CVE-2025-10370 LOW
sourcefabric rpi-jukebox-rfid < 2.8.0 - Cross-Site Scripting via Custom Script Parameter
CVSS 3.5
CVE-2025-10369 LOW
sourcefabric/rpi-jukebox-rfid < 2.8.0 - Cross-Site Scripting in cardRegisterNew.php
CVSS 3.5
CVE-2025-10368 LOW
sourcefabric rpi-jukebox-rfid < 2.8.0 - Cross-Site Scripting in manageFilesFolders.php
CVSS 3.5
CVE-2025-10367 LOW
sourcefabric rpi-jukebox-rfid < 2.8.0 - Cross-Site Scripting in cardEdit.php
CVSS 3.5
CVE-2025-10366 LOW
sourcefabric rpi-jukebox-rfid < 2.8.0 - Cross-Site Scripting via Email Address Parameter
CVSS 3.5
CVE-2025-10340 LOW
WhatCD Gazelle <63b337026d49b5cf63ce4be20fdabdc880112fa3 - XSS
CVSS 3.5
CVE-2025-10332 LOW
unmark < 1.9.3 - Cross-Site Scripting via Title Parameter
CVSS 3.5
CVE-2025-10331 LOW
unmark < 1.9.3 - Cross-Site Scripting via Title Parameter
CVSS 3.5
CVE-2025-10330 MEDIUM
unmark < 1.9.3 - Cross-Site Scripting via Search Query Parameter
CVSS 4.3
CVE-2025-45585 MEDIUM
Audi Universal Traffic Recorder 2.0 - Stored Cross-Site Scripting via WiFi SSID Parameters
CVSS 5.4
CVE-2025-52074 MEDIUM
PHPGURUKUL Online Shopping Portal 2.1 - Stored Cross-Site Scripting via Quantity Parameter
CVSS 6.1
CVE-2025-43787 MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.20 - Authenticated Stored XSS via Organization Site Names
CVSS 5.4