CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,137 vulnerabilities with CWE-79
CVE-2025-9659
LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-9658
LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-9657
LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-9656
MEDIUM
PHPGurukul Directory Management System 2.0 - XSS
CVSS 4.3
CVE-2025-9655
LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-9653
LOW
Portabilis i-Educar <= 2.10 - Cross-Site Scripting via Cadastrar projeto Page
CVSS 3.5
CVE-2025-9652
LOW
Portabilis i-Educar < 2.10 - Cross-Site Scripting via nm_tipo/desc_tipo Parameter
CVSS 3.5
CVE-2025-9647
MEDIUM
mtons mblog < 3.5.0 - Cross-Site Scripting via /admin/role/list Name Parameter
CVSS 4.3
CVE-2025-9646
LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-40709
MEDIUM
OpenAtlas 8.9.0 - Cross-Site Scripting via Person Insert Endpoint Parameters
CVSS 5.4
CVE-2025-40708
MEDIUM
OpenAtlas 8.9.0 - Cross-Site Scripting via Event Name Parameter
CVSS 5.4
CVE-2025-40707
MEDIUM
OpenAtlas 8.9.0 - Cross-Site Scripting via Insert Place Name and Alias Parameters
CVSS 5.4
CVE-2025-40706
MEDIUM
OpenAtlas 8.9.0 - Cross-Site Scripting via Name Parameter in Insert Source Endpoint
CVSS 5.4
CVE-2025-40705
MEDIUM
OpenAtlas 8.9.0 - Cross-Site Scripting via Acquisition Name Parameter
CVSS 5.4
CVE-2025-40704
MEDIUM
OpenAtlas 8.9.0 - Cross-Site Scripting via Name Parameter in Edition Insertion
CVSS 5.4
CVE-2025-40703
MEDIUM
OpenAtlas 8.9.0 - Cross-Site Scripting via Group Insertion Parameters
CVSS 5.4
CVE-2025-40702
MEDIUM
OpenAtlas 8.9.0 - Cross-Site Scripting via /insert/file Creator and License Holder Parameters
CVSS 5.4
CVE-2025-8150
MEDIUM
Events Addon for Elementor <2.2.9 - XSS
CVSS 6.4
CVE-2025-8619
MEDIUM
OSM Map Widget for Elementor <= 1.3.0 - Authenticated Stored Cross-Site Scripting via Map Block URL
CVSS 6.4
CVE-2025-8290
MEDIUM
List Subpages <= 1.0.6 - Authenticated Stored Cross-Site Scripting via Title Parameter
CVSS 6.4
CVE-2025-9595
MEDIUM
code-projects Student Information Management System 1.0 - XSS
CVSS 4.3
CVE-2025-9591
LOW
ZrLog <= 3.1.5 - Cross-Site Scripting via Theme Configuration Form FooterLink
CVSS 2.4
CVE-2025-9590
LOW
Weaver E-Mobile Mobile Management Platform <20250813 - XSS
CVSS 3.5
CVE-2025-56236
MEDIUM
FormCMS 0.5.5 - Authenticated Stored Cross-Site Scripting via Avatar Upload Feature
CVSS 6.1
CVE-2025-51967
MEDIUM
ProjectsAndPrograms School Management System 1.0 - Reflected Cross-Site Scripting via themeSet.php theme Parameter
CVSS 6.1
Details
Vulnerabilities
45,137
Exploit Likelihood
High