CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,137 vulnerabilities with CWE-79
CVE-2025-9737 LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-9736 LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-9735 LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-9734 LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-9728 MEDIUM
Vvveb 1.0.7.2 - Cross-Site Scripting via Email/Password Argument
CVSS 4.3
CVE-2025-9724 LOW
Portabilis i-educar < 2.10 - Cross-Site Scripting via nm_nivel/descricao Parameter
CVSS 3.5
CVE-2025-9723 LOW
Portabilis i-Educar <= 2.10 - Cross-Site Scripting via nm_tipo Argument
CVSS 3.5
CVE-2025-9722 LOW
Portabilis i-Educar <= 2.10 - Cross-Site Scripting via nm_tipo/descricao Parameter
CVSS 3.5
CVE-2025-9721 LOW
Portabilis i-Educar < 2.10 - Cross-Site Scripting via FormulaMedia Edit Function
CVSS 3.5
CVE-2025-9720 LOW
Portabilis i-educar < 2.10 - Cross-Site Scripting via Nome Parameter in Cadastrar tabela de arredondamento Page
CVSS 3.5
CVE-2025-9719 LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-9718 LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-9717 LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-9716 LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-5083 MEDIUM
WordPress Amministrazione Trasparente <9.0 - XSS
CVSS 5.5
CVE-2025-9715 LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-9683 LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-9682 LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-9681 LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-9680 LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-9500 MEDIUM
TablePress <= 3.2 - Authenticated Stored XSS via shortcode_debug
CVSS 6.4
CVE-2025-9499 MEDIUM
Ocean Extra <= 2.4.9 - Authenticated Stored Cross-Site Scripting via oceanwp_library Shortcode
CVSS 6.4
CVE-2025-55580 MEDIUM
SolidInvoice 2.3.7 - Authenticated Stored Cross-Site Scripting in Clients Module
CVSS 5.4
CVE-2025-55579 MEDIUM
SolidInvoice 2.3.7 - Stored Cross-Site Scripting in Tax Rates Functionality
CVSS 5.4
CVE-2025-22483 MEDIUM
QNAP License Center 1.8.17-1.8.50 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
Details
Vulnerabilities 45,137
Exploit Likelihood High