CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,137 vulnerabilities with CWE-79
CVE-2025-41049
MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Addon Layout Parameters
CVSS 5.4
CVE-2025-41048
MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Addon Layout Parameters
CVSS 5.4
CVE-2025-41047
MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Addon Layout Parameters
CVSS 5.4
CVE-2025-41046
MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Addon Layout Parameters
CVSS 5.4
CVE-2025-41045
MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Ethical License Key Parameter
CVSS 5.4
CVE-2025-41044
MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Page Name Parameter
CVSS 5.4
CVE-2025-41043
MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via AppReportCode Parameters
CVSS 5.4
CVE-2025-41042
MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Email Template Parameters
CVSS 5.4
CVE-2025-41041
MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Language XML Parameters
CVSS 5.4
CVE-2025-41040
MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Language Lipsum Parameters
CVSS 5.4
CVE-2025-41039
MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Configuration Parameters
CVSS 5.4
CVE-2025-41038
MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Group Name Parameter
CVSS 5.4
CVE-2025-41037
MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via FileManager Search Parameter
CVSS 5.4
CVE-2025-41036
MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Admin Account Edit Parameters
CVSS 5.4
CVE-2025-9940
LOW
CodeAstro Real Estate Management System 1.0 - Cross-Site Scripting via feature.php msg Parameter
CVSS 3.5
CVE-2025-9939
LOW
CodeAstro Real Estate Management System 1.0 - Cross-Site Scripting via propertyview.php msg Parameter
CVSS 3.5
CVE-2025-9931
MEDIUM
Jinher OA 1.0 - Cross-Site Scripting via Account Parameter in Password Change Handler
CVSS 4.3
CVE-2025-9929
LOW
Responsive Blog Site 1.0 - Cross-Site Scripting via blogs_view.php Parameter Manipulation
CVSS 2.4
CVE-2025-58357
CRITICAL
5ire 0.13.2 - Cross-Site Scripting via Chat Page Script Gadgets
CVSS 9.6
CVE-2025-58064
LOW
CKEditor 5 44.2.0-45.2.1 46.0.0-46.0.2 - Cross-Site Scripting via Malicious Content Insertion
CVE-2025-9923
MEDIUM
Campcodes Sales and Inventory System 1.0 - Cross-Site Scripting via Page Parameter
CVSS 4.3
CVE-2025-45805
HIGH
phpgurukul Doctor Appointment Management System 1.0 - Authenticated Stored Cross-Site Scripting via Doctor Profile Name
CVSS 7.6
CVE-2025-20330
MEDIUM
Cisco Unified Communications Manager IM & Presence Service - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-20328
MEDIUM
Cisco Webex Meetings - Authenticated Stored Cross-Site Scripting in User Profile Component
CVSS 5.4
CVE-2025-20280
MEDIUM
Cisco EPNM/Prime Infrastructure - XSS
CVSS 4.8
Details
Vulnerabilities
45,137
Exploit Likelihood
High