CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,137 vulnerabilities with CWE-79
CVE-2025-9659 LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-9658 LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-9657 LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-9656 MEDIUM
PHPGurukul Directory Management System 2.0 - XSS
CVSS 4.3
CVE-2025-9655 LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-9653 LOW
Portabilis i-Educar <= 2.10 - Cross-Site Scripting via Cadastrar projeto Page
CVSS 3.5
CVE-2025-9652 LOW
Portabilis i-Educar < 2.10 - Cross-Site Scripting via nm_tipo/desc_tipo Parameter
CVSS 3.5
CVE-2025-9647 MEDIUM
mtons mblog < 3.5.0 - Cross-Site Scripting via /admin/role/list Name Parameter
CVSS 4.3
CVE-2025-9646 LOW
O2OA <10.0-410 - XSS
CVSS 3.5
CVE-2025-40709 MEDIUM
OpenAtlas 8.9.0 - Cross-Site Scripting via Person Insert Endpoint Parameters
CVSS 5.4
CVE-2025-40708 MEDIUM
OpenAtlas 8.9.0 - Cross-Site Scripting via Event Name Parameter
CVSS 5.4
CVE-2025-40707 MEDIUM
OpenAtlas 8.9.0 - Cross-Site Scripting via Insert Place Name and Alias Parameters
CVSS 5.4
CVE-2025-40706 MEDIUM
OpenAtlas 8.9.0 - Cross-Site Scripting via Name Parameter in Insert Source Endpoint
CVSS 5.4
CVE-2025-40705 MEDIUM
OpenAtlas 8.9.0 - Cross-Site Scripting via Acquisition Name Parameter
CVSS 5.4
CVE-2025-40704 MEDIUM
OpenAtlas 8.9.0 - Cross-Site Scripting via Name Parameter in Edition Insertion
CVSS 5.4
CVE-2025-40703 MEDIUM
OpenAtlas 8.9.0 - Cross-Site Scripting via Group Insertion Parameters
CVSS 5.4
CVE-2025-40702 MEDIUM
OpenAtlas 8.9.0 - Cross-Site Scripting via /insert/file Creator and License Holder Parameters
CVSS 5.4
CVE-2025-8150 MEDIUM
Events Addon for Elementor <2.2.9 - XSS
CVSS 6.4
CVE-2025-8619 MEDIUM
OSM Map Widget for Elementor <= 1.3.0 - Authenticated Stored Cross-Site Scripting via Map Block URL
CVSS 6.4
CVE-2025-8290 MEDIUM
List Subpages <= 1.0.6 - Authenticated Stored Cross-Site Scripting via Title Parameter
CVSS 6.4
CVE-2025-9595 MEDIUM
code-projects Student Information Management System 1.0 - XSS
CVSS 4.3
CVE-2025-9591 LOW
ZrLog <= 3.1.5 - Cross-Site Scripting via Theme Configuration Form FooterLink
CVSS 2.4
CVE-2025-9590 LOW
Weaver E-Mobile Mobile Management Platform <20250813 - XSS
CVSS 3.5
CVE-2025-56236 MEDIUM
FormCMS 0.5.5 - Authenticated Stored Cross-Site Scripting via Avatar Upload Feature
CVSS 6.1
CVE-2025-51967 MEDIUM
ProjectsAndPrograms School Management System 1.0 - Reflected Cross-Site Scripting via themeSet.php theme Parameter
CVSS 6.1