CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,137 vulnerabilities with CWE-79
CVE-2025-7746
MEDIUM
Schneider Electric Altivar Process Drives - Cross-Site Scripting
CVE-2025-58768
CRITICAL
DeepChat <0.3.5 - Command Injection
CVSS 9.6
CVE-2025-58765
HIGH
wabac.js < 2.23.11 - Reflected Cross-Site Scripting via 404 Error Handler
CVSS 7.1
CVE-2025-44595
MEDIUM
halo < 2.20.17 - Cross-Site Scripting in Archives Endpoint
CVSS 6.1
CVE-2025-44593
MEDIUM
halo < 2.20.13 - Stored Cross-Site Scripting via Malicious HTML File Upload
CVSS 6.1
CVE-2025-34178
MEDIUM
pfSense < 2.8.0 - Authenticated Stored Cross-Site Scripting via suricata_app_parsers.php policy_name Parameter
CVSS 5.4
CVE-2025-34177
MEDIUM
pfSense < 2.8.0 - Authenticated Stored Cross-Site Scripting in suricata_flow_stream.php
CVSS 5.4
CVE-2025-58430
MEDIUM
listmonk <= 1.1.0 - Cross-Site Scripting via Nonce Bypass
CVSS 6.1
CVE-2025-55054
MEDIUM
Baicells EG7035E-M11 - Cross-Site Scripting
CVSS 6.1
CVE-2025-43786
MEDIUM
Liferay Digital Experience Platform 2024.Q1.1-2024.Q1.12 - Information Disclosure via ERC Enumeration
CVSS 5.3
CVE-2025-36125
MEDIUM
IBM Hardware Management Console 10.3.1050.0 and 11.1.1110.0 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2025-34175
MEDIUM
pfSense < 2.8.0 - Reflected Cross-Site Scripting via suricata_filecheck.php filehash Parameter
CVSS 6.1
CVE-2025-34174
MEDIUM
pfSense < 2.8.0 - Authenticated Stored Cross-Site Scripting via status_traffic_totals.php start-day Parameter
CVSS 5.4
CVE-2025-34172
MEDIUM
pfSense < 2.8.0 - Reflected Cross-Site Scripting via showsticktablecontent Parameter
CVSS 6.1
CVE-2025-43781
MEDIUM
Liferay Portal 7.4.3.110-128 & DXP 2024.Q1.1-12, 2024.Q2.0-13, 2024.Q3.1-8 - XSS via Search Bar Portlet URL
CVSS 6.1
CVE-2025-43775
MEDIUM
Liferay Portal 7.4.0-7.4.3.128 and DXP 2024.Q1.1-2024.Q1.12 - Stored Cross-Site Scripting via Remote App Title Field
CVSS 5.4
CVE-2025-57665
MEDIUM
element-plus < 2.10.6 - Open Redirect and XSS via Link Component href Attribute
CVSS 6.4
CVE-2025-58990
MEDIUM
ShopLentor <= 3.2.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58989
MEDIUM
silverplugins217 Dynamic Text Field For Contact Form 7 - XSS
CVSS 6.5
CVE-2025-58988
MEDIUM
Joe Dolson My Tickets <2.0.22 - XSS
CVSS 6.5
CVE-2025-58987
MEDIUM
AntoineH Football Pool <2.12.6 - XSS
CVSS 6.5
CVE-2025-58985
MEDIUM
WPFactory Additional Custom Product Tabs for WooCommerce <1.7.3 - XSS
CVSS 6.5
CVE-2025-58984
MEDIUM
Welcart e-Commerce <= 2.11.20 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-58983
MEDIUM
Stefano Lissa Include Me <1.3.2 - XSS
CVSS 5.9
CVE-2025-58982
MEDIUM
Pixeline's Email Protector <1.3.8 - XSS
CVSS 5.9
Details
Vulnerabilities: 45,137
Exploit Likelihood: High