CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,137 vulnerabilities with CWE-79
CVE-2025-58593
MEDIUM
Orbit Fox by ThemeIsle <= 3.0.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-57151
HIGH
phpgurukul Complaint Management System 2.0 - Stored Cross-Site Scripting via Fullname Parameter
CVSS 8.8
CVE-2025-57150
HIGH
phpgurukul Complaint Management System 2.0 - Stored Cross-Site Scripting via categoryName Parameter
CVSS 7.2
CVE-2025-26210
HIGH
DeepSeek R1-V3.1 - Cross-Site Scripting via run-html-chat.deepseeksvc.com
CVSS 8.8
CVE-2025-0878
MEDIUM
LimonDesk s1.02.14-v1.02.17 - Cross-Site Scripting
CVSS 4.7
CVE-2025-9378
MEDIUM
Vayu Blocks - WordPress <1.3.9 - XSS
CVSS 6.4
CVE-2025-58351
MEDIUM
Outline 0.72.0-0.83.0 - Stored Cross-Site Scripting via Local File Storage Bypass
CVSS 6.8
CVE-2025-9845
LOW
Fruit Shop Management System 1.0 - Cross-Site Scripting via products.php Parameter Manipulation
CVSS 3.5
CVE-2025-9834
LOW
PHPGurukul Small CRM 4.0 - Stored Cross-Site Scripting via Username Parameter in Registration
CVSS 3.5
CVE-2025-51966
MEDIUM
uTools < 7.1.1 - Stored Cross-Site Scripting via PDF Preview Functionality
CVSS 6.1
CVE-2025-55474
MEDIUM
Many Notes 0.10.1 - Stored Cross-Site Scripting via Markdown Rendering
CVSS 6.1
CVE-2025-55473
MEDIUM
Asian Arts Talents Foundation Website <5.1.x & Docker 2024.12.8.1 -...
CVSS 6.1
CVE-2025-9796
LOW
JeeSite < 5.13.0 - Cross-Site Scripting via EncodeUtils.decodeUrl2
CVSS 3.5
CVE-2025-33083
MEDIUM
IBM Concert 1.0.0-1.1.0 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-33082
MEDIUM
IBM Concert 1.0.0-1.1.0 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-0656
MEDIUM
IBM Concert 1.0.0-1.1.0 - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-9773
MEDIUM
RemoteClinic < 2.0 - Cross-Site Scripting via Last Name Parameter in Staff Edit Page
CVSS 4.3
CVE-2025-9569
MEDIUM
Sunnet eHRD - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-9568
MEDIUM
eHRD - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-9567
MEDIUM
eHRD - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-9755
MEDIUM
khanakag-17 library_management_system < 2025-08-23 - Cross-Site Scripting via msg Parameter
CVSS 4.3
CVE-2025-9754
LOW
Campcodes Online Hospital Management System 1.0 - Stored Cross-Site Scripting via Edit Profile Username Field
CVSS 3.5
CVE-2025-9753
LOW
Campcodes Online Hospital Management System 1.0 - Cross-Site Scripting in Patient Search Module
CVSS 2.4
CVE-2025-9746
LOW
Campcodes Hospital Management System 1.0 - Stored Cross-Site Scripting in Edit Doctor Specialization Page
CVSS 2.4
CVE-2025-9738
LOW
Portabilis i-Educar < 2.10.0 - Cross-Site Scripting via nm_tipo Argument in educar_tipo_ensino_cad.php
CVSS 3.5