CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,137 vulnerabilities with CWE-79
CVE-2025-58791 MEDIUM
Arjan Olsder SEO Auto Linker <1.5.3 - XSS
CVSS 5.9
CVE-2025-58790 MEDIUM
WPKube Kiwi < 2.1.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58787 MEDIUM
Themify Popup <= 1.4.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58786 MEDIUM
VW THEMES Ibtana - Ecommerce Product Addons <0.4.7.4 - XSS
CVSS 6.5
CVE-2025-58784 MEDIUM
Arisoft ARI Fancy Lightbox <1.4.0 - XSS
CVSS 6.5
CVE-2025-8684 MEDIUM
Flatsome <= 3.20.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-55209 MEDIUM
FreePBX contactmanager < 15.0.14, 16.0.0-16.0.26.4, 17.0.0-17.0.5 - Stored Cross-Site Scripting
CVE-2025-58361 CRITICAL
promptcraft-forge-studio - Cross-Site Scripting via Incomplete URL Scheme Validation
CVSS 9.3
CVE-2025-58353 HIGH
promptcraft-forge-studio - Cross-Site Scripting via Regex Blacklist Bypass
CVSS 8.2
CVE-2025-57576 MEDIUM
PHPGurukul Online Shopping Portal 2.1 - Cross-Site Scripting in /admin/updateorder.php
CVSS 5.4
CVE-2025-2694 MEDIUM
IBM Sterling B2B Integrator & File Gateway <6.1.2.7_1, 6.2.0.4 - XSS
CVSS 4.8
CVE-2025-41063 MEDIUM
appRain CMF 4.0.5 - Authenticated Reflected Cross-Site Scripting via 's' Parameter
CVSS 5.4
CVE-2025-41062 MEDIUM
appRain CMF 4.0.5 - Authenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 5.4
CVE-2025-41061 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Addon Layout Parameters
CVSS 5.4
CVE-2025-41060 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Addon Layout Parameters
CVSS 5.4
CVE-2025-41059 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Addon Layout Parameters
CVSS 5.4
CVE-2025-41058 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Addon Layout Parameters
CVSS 5.4
CVE-2025-41057 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Addon Layout Parameters
CVSS 5.4
CVE-2025-41056 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Addon Layout Parameters
CVSS 5.4
CVE-2025-41055 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Addon Layout Parameters
CVSS 5.4
CVE-2025-41054 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Addon Layout Parameters
CVSS 5.4
CVE-2025-41053 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Addon Layout Parameters
CVSS 5.4
CVE-2025-41052 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Addon Layout Parameters
CVSS 5.4
CVE-2025-41051 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Addon Layout Parameters
CVSS 5.4
CVE-2025-41050 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Addon Layout Parameters
CVSS 5.4