CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,137 vulnerabilities with CWE-79
CVE-2025-57540 MEDIUM
Proxmox Virtual Environment 8.4 - Authenticated Stored Cross-Site Scripting in WebAuthn Relying Party Field
CVSS 5.4
CVE-2025-57539 MEDIUM
Proxmox Virtual Environment - Authenticated Stored Cross-Site Scripting in U2F Origin Field
CVSS 5.4
CVE-2025-57538 MEDIUM
Proxmox Virtual Environment - Authenticated Stored Cross-Site Scripting in Datacenter HTTP Proxy Field
CVSS 5.4
CVE-2025-54252 MEDIUM
Adobe Experience Manager < 6.5.23.0 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-47694 HIGH
solwin Blog Designer PRO <3.4.7 - XSS
CVSS 7.1
CVE-2025-47570 HIGH
WooCommerce Photo Reviews <1.3.13 - XSS
CVSS 7.1
CVE-2025-30875 MEDIUM
WP Weixin <= 1.3.16 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-55143 MEDIUM
Ivanti Connect Secure <22.7R2.9,22.8R2 - Info Disclosure
CVSS 6.1
CVE-2025-52277 MEDIUM
YesWiki 4.54 - Cross-Site Scripting via Meta Configuration Robots Field
CVSS 6.1
CVE-2025-43776 MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.19 Authenticated Stored XSS via Custom Object Field Label
CVSS 5.4
CVE-2025-9111 LOW
AI ChatBot for WordPress <7.1.0 - XSS
CVSS 3.5
CVE-2025-9061 MEDIUM
Wilmer Core <= 2.4.5 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-9058 MEDIUM
Mikado Core <= 1.5.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-43778 MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.20 - Authenticated Stored XSS in Kaleo Forms
CVSS 6.1
CVE-2025-42938 MEDIUM
SAP NetWeaver ABAP Platform - Unauthenticated Stored Cross-Site Scripting via Malicious Link
CVSS 6.1
CVE-2025-42920 MEDIUM
SAP Supplier Relationship Management - Stored Cross-Site Scripting via Malicious Link
CVSS 6.1
CVE-2025-10117 LOW
SourceCodester Simple To-Do List System 1.0 - Cross-Site Scripting via Add New Task Component
CVSS 3.5
CVE-2025-58746 CRITICAL
Grafana Business Links <2.4.0 - Privilege Escalation
CVSS 9.0
CVE-2025-58452 MEDIUM
WeGIA < 3.4.11 - Reflected Cross-Site Scripting via id_memorando Parameter
CVSS 6.1
CVE-2025-53838 MEDIUM
LinkAce < 2.1.9 - Stored Cross-Site Scripting via Link Attributes
CVSS 5.4
CVE-2025-10099 LOW
Portabilis i-educar < 2.10.0 - Cross-Site Scripting via educar_usuario_cad.php Email Parameter
CVSS 2.4
CVE-2025-55998 HIGH
Smart Search & Filter Shopify/BigCommerce - XSS
CVSS 8.1
CVE-2025-52161 CRITICAL
Scholl Weblication CMS Core v019.004.000.000 - Cross-Site Scripting
CVSS 9.8
CVE-2025-40642 MEDIUM
WebWork PHP script - Reflected Cross-Site Scripting via 'q' and 'engine' Parameters
CVE-2025-40641 MEDIUM
Multi-Purpose Inventory Management System - XSS