CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,133 vulnerabilities with CWE-79
CVE-2025-52344
MEDIUM
Explorance Blue 8.1.2 - Stored Cross-Site Scripting via Group Name and Project Description Input Fields
CVSS 6.1
CVE-2025-43791
MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.4 - Stored Cross-Site Scripting via Rich Text Field Injection
CVSS 6.1
CVE-2025-58177
MEDIUM
n8n 1.24.0-1.106.9 - Authenticated Stored Cross-Site Scripting via LangChain Chat Trigger Initial Messages
CVSS 5.4
CVE-2025-58172
MEDIUM
drawnix < 0.3.0 - Cross-Site Scripting via Debug Logging Function
CVE-2025-56252
MEDIUM
ServitiumCRM 2.10 - Cross-Site Scripting via Mobile Parameter
CVSS 6.1
CVE-2025-43794
MEDIUM
Liferay DXP <7.3 & 7.4.0-7.4.3.111 - Authenticated Stored XSS via CDN Host
CVSS 4.8
CVE-2025-9826
MEDIUM
M-Files Hubshare < 25.8 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-10434
LOW
IbuyuCMS <= 2.6.3 - Cross-Site Scripting via Article Title Parameter
CVSS 2.4
CVE-2025-10411
MEDIUM
E-Logbook with Health Monitoring System for COVID-19 1.0 - Cross-Site Scripting via profile_id Parameter
CVSS 4.3
CVE-2025-10388
LOW
Selleo Mentingo 2025.08.27 - Cross-Site Scripting via Create New Course Description Parameter
CVSS 3.5
CVE-2025-10386
MEDIUM
Yida ECMS Consulting Enterprise Management System 1.0 - XSS
CVSS 4.3
CVE-2025-10373
LOW
Portabilis i-Educar < 2.10.0 - Cross-Site Scripting via nm_tipo Argument
CVSS 3.5
CVE-2025-10372
LOW
Portabilis i-educar < 2.10.0 - Cross-Site Scripting via nm_tipo/descricao Parameter
CVSS 3.5
CVE-2025-10370
LOW
sourcefabric rpi-jukebox-rfid < 2.8.0 - Cross-Site Scripting via Custom Script Parameter
CVSS 3.5
CVE-2025-10369
LOW
sourcefabric/rpi-jukebox-rfid < 2.8.0 - Cross-Site Scripting in cardRegisterNew.php
CVSS 3.5
CVE-2025-10368
LOW
sourcefabric rpi-jukebox-rfid < 2.8.0 - Cross-Site Scripting in manageFilesFolders.php
CVSS 3.5
CVE-2025-10367
LOW
sourcefabric rpi-jukebox-rfid < 2.8.0 - Cross-Site Scripting in cardEdit.php
CVSS 3.5
CVE-2025-10366
LOW
sourcefabric rpi-jukebox-rfid < 2.8.0 - Cross-Site Scripting via Email Address Parameter
CVSS 3.5
CVE-2025-10340
LOW
WhatCD Gazelle <63b337026d49b5cf63ce4be20fdabdc880112fa3 - XSS
CVSS 3.5
CVE-2025-10332
LOW
unmark < 1.9.3 - Cross-Site Scripting via Title Parameter
CVSS 3.5
CVE-2025-10331
LOW
unmark < 1.9.3 - Cross-Site Scripting via Title Parameter
CVSS 3.5
CVE-2025-10330
MEDIUM
unmark < 1.9.3 - Cross-Site Scripting via Search Query Parameter
CVSS 4.3
CVE-2025-45585
MEDIUM
Audi Universal Traffic Recorder 2.0 - Stored Cross-Site Scripting via WiFi SSID Parameters
CVSS 5.4
CVE-2025-52074
MEDIUM
PHPGURUKUL Online Shopping Portal 2.1 - Stored Cross-Site Scripting via Quantity Parameter
CVSS 6.1
CVE-2025-43787
MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.20 - Authenticated Stored XSS via Organization Site Names
CVSS 5.4
Details
Vulnerabilities
45,133
Exploit Likelihood
High