CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,137 vulnerabilities with CWE-79
CVE-2025-41049 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Addon Layout Parameters
CVSS 5.4
CVE-2025-41048 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Addon Layout Parameters
CVSS 5.4
CVE-2025-41047 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Addon Layout Parameters
CVSS 5.4
CVE-2025-41046 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Addon Layout Parameters
CVSS 5.4
CVE-2025-41045 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Ethical License Key Parameter
CVSS 5.4
CVE-2025-41044 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Page Name Parameter
CVSS 5.4
CVE-2025-41043 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via AppReportCode Parameters
CVSS 5.4
CVE-2025-41042 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Email Template Parameters
CVSS 5.4
CVE-2025-41041 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Language XML Parameters
CVSS 5.4
CVE-2025-41040 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Language Lipsum Parameters
CVSS 5.4
CVE-2025-41039 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Configuration Parameters
CVSS 5.4
CVE-2025-41038 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Group Name Parameter
CVSS 5.4
CVE-2025-41037 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via FileManager Search Parameter
CVSS 5.4
CVE-2025-41036 MEDIUM
appRain CMF 4.0.5 - Authenticated Stored Cross-Site Scripting via Admin Account Edit Parameters
CVSS 5.4
CVE-2025-9940 LOW
CodeAstro Real Estate Management System 1.0 - Cross-Site Scripting via feature.php msg Parameter
CVSS 3.5
CVE-2025-9939 LOW
CodeAstro Real Estate Management System 1.0 - Cross-Site Scripting via propertyview.php msg Parameter
CVSS 3.5
CVE-2025-9931 MEDIUM
Jinher OA 1.0 - Cross-Site Scripting via Account Parameter in Password Change Handler
CVSS 4.3
CVE-2025-9929 LOW
Responsive Blog Site 1.0 - Cross-Site Scripting via blogs_view.php Parameter Manipulation
CVSS 2.4
CVE-2025-58357 CRITICAL
5ire 0.13.2 - Cross-Site Scripting via Chat Page Script Gadgets
CVSS 9.6
CVE-2025-58064 LOW
CKEditor 5 44.2.0-45.2.1, 46.0.0-46.0.2 - Cross-Site Scripting via Malicious Content Insertion
CVE-2025-9923 MEDIUM
Campcodes Sales and Inventory System 1.0 - Cross-Site Scripting via Page Parameter
CVSS 4.3
CVE-2025-45805 HIGH
phpgurukul Doctor Appointment Management System 1.0 - Authenticated Stored Cross-Site Scripting via Doctor Profile Name
CVSS 7.6
CVE-2025-20330 MEDIUM
Cisco Unified Communications Manager IM & Presence Service - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-20328 MEDIUM
Cisco Webex Meetings - Authenticated Stored Cross-Site Scripting in User Profile Component
CVSS 5.4
CVE-2025-20280 MEDIUM
Cisco EPNM/Prime Infrastructure - XSS
CVSS 4.8