CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,137 vulnerabilities with CWE-79
CVE-2025-58593 MEDIUM
Orbit Fox by ThemeIsle <= 3.0.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-57151 HIGH
phpgurukul Complaint Management System 2.0 - Stored Cross-Site Scripting via Fullname Parameter
CVSS 8.8
CVE-2025-57150 HIGH
phpgurukul Complaint Management System 2.0 - Stored Cross-Site Scripting via categoryName Parameter
CVSS 7.2
CVE-2025-26210 HIGH
DeepSeek R1-V3.1 - Cross-Site Scripting via run-html-chat.deepseeksvc.com
CVSS 8.8
CVE-2025-0878 MEDIUM
LimonDesk s1.02.14-v1.02.17 - Cross-Site Scripting
CVSS 4.7
CVE-2025-9378 MEDIUM
Vayu Blocks - WordPress <1.3.9 - XSS
CVSS 6.4
CVE-2025-58351 MEDIUM
Outline 0.72.0-0.83.0 - Stored Cross-Site Scripting via Local File Storage Bypass
CVSS 6.8
CVE-2025-9845 LOW
Fruit Shop Management System 1.0 - Cross-Site Scripting via products.php Parameter Manipulation
CVSS 3.5
CVE-2025-9834 LOW
PHPGurukul Small CRM 4.0 - Stored Cross-Site Scripting via Username Parameter in Registration
CVSS 3.5
CVE-2025-51966 MEDIUM
uTools < 7.1.1 - Stored Cross-Site Scripting via PDF Preview Functionality
CVSS 6.1
CVE-2025-55474 MEDIUM
Many Notes 0.10.1 - Stored Cross-Site Scripting via Markdown Rendering
CVSS 6.1
CVE-2025-55473 MEDIUM
Asian Arts Talents Foundation Website <5.1.x & Docker 2024.12.8.1 -...
CVSS 6.1
CVE-2025-9796 LOW
JeeSite < 5.13.0 - Cross-Site Scripting via EncodeUtils.decodeUrl2
CVSS 3.5
CVE-2025-33083 MEDIUM
IBM Concert 1.0.0-1.1.0 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-33082 MEDIUM
IBM Concert 1.0.0-1.1.0 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-0656 MEDIUM
IBM Concert 1.0.0-1.1.0 - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-9773 MEDIUM
RemoteClinic < 2.0 - Cross-Site Scripting via Last Name Parameter in Staff Edit Page
CVSS 4.3
CVE-2025-9569 MEDIUM
Sunnet eHRD - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-9568 MEDIUM
eHRD - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-9567 MEDIUM
eHRD - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-9755 MEDIUM
khanakag-17 library_management_system < 2025-08-23 - Cross-Site Scripting via msg Parameter
CVSS 4.3
CVE-2025-9754 LOW
Campcodes Online Hospital Management System 1.0 - Stored Cross-Site Scripting via Edit Profile Username Field
CVSS 3.5
CVE-2025-9753 LOW
Campcodes Online Hospital Management System 1.0 - Cross-Site Scripting in Patient Search Module
CVSS 2.4
CVE-2025-9746 LOW
Campcodes Hospital Management System 1.0 - Stored Cross-Site Scripting in Edit Doctor Specialization Page
CVSS 2.4
CVE-2025-9738 LOW
Portabilis i-Educar < 2.10.0 - Cross-Site Scripting via nm_tipo Argument in educar_tipo_ensino_cad.php
CVSS 3.5