CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,137 vulnerabilities with CWE-79
CVE-2025-58195
MEDIUM
Xpro Elementor Addons <1.4.17 - XSS
CVSS 6.5
CVE-2025-58194
MEDIUM
Bold Page Builder <= 5.4.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-55422
HIGH
FoxCMS 1.2.6 - Reflected Cross-Site Scripting via /index.php/plus
CVSS 8.8
CVE-2025-50977
MEDIUM
gitblit 1.7.1 - Authenticated Reflected Cross-Site Scripting via AngularJS Expression Injection
CVSS 6.1
CVE-2025-34157
CRITICAL
Coolify < 4.0.0-beta.420.6 - Authenticated Stored Cross-Site Scripting in Project Name
CVSS 9.0
CVE-2025-20296
MEDIUM
Cisco Unified Computing System (Managed) - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-50978
MEDIUM
Gitblit 1.7.1 - Reflected Cross-Site Scripting via Repository Path Handling
CVSS 6.1
CVE-2025-50986
MEDIUM
diskover-web v2.3.0 Community Edition - Stored Cross-Site Scripting in Administrative Settings Interface
CVSS 5.6
CVE-2025-50985
MEDIUM
diskover-web v2.3.0 Community Edition - Reflected Cross-Site Scripting via Unsanitized GET Parameters
CVSS 5.6
CVE-2025-30036
HIGH
CGM CLININET < 2024.MS4 - Stored Cross-Site Scripting in Ward Module Death Diagnosis Field
CVE-2025-49039
MEDIUM
mibuthu Link View <= 0.8.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-49035
MEDIUM
chaimchaikin Admin Menu Groups <0.1.2 - XSS
CVSS 5.9
CVE-2025-7732
MEDIUM
WordPress Lazy Load for Videos <2.18.7 - XSS
CVSS 6.4
CVE-2025-8490
MEDIUM
All-in-One WP Migration & Backup <7.97 - XSS
CVSS 4.4
CVE-2025-9277
MEDIUM
SiteSEO - SEO Simplified <= 1.2.7 - Authenticated Stored Cross-Site Scripting via preg_replace Expression
CVSS 6.4
CVE-2025-50975
MEDIUM
IPFire 2.29 - Authenticated Stored XSS
CVSS 5.4
CVE-2025-50976
MEDIUM
IPFire 2.29 - Reflected Cross-Site Scripting via DNS Management Interface Parameters
CVSS 6.1
CVE-2025-57425
MEDIUM
SourceCodester FAQ Management System 1.0 - Authenticated Stored Cross-Site Scripting via Update FAQ Endpoint
CVSS 6.1
CVE-2025-52184
MEDIUM
helpy.io helpy 2.8.0 - Cross-Site Scripting via New Topic Ticket Function
CVSS 6.1
CVE-2025-56432
MEDIUM
Nagios XI 2024R2 - Stored Cross-Site Scripting in Performance Data Renderer
CVSS 6.1
CVE-2025-52217
MEDIUM
SelectZero Data Observability Platform < 2025.5.2 - HTML Injection in Legacy UI Fields
CVSS 5.4
CVE-2025-52037
MEDIUM
NotesCMS 2024-05-08 to 2025-03-31 - Stored Cross-Site Scripting via Service Title Manipulation
CVSS 6.1
CVE-2025-52036
MEDIUM
NotesCMS 2024-05-08 to 2025-03-31 - Stored Cross-Site Scripting via Service Description Title
CVSS 6.1
CVE-2025-52035
MEDIUM
NotesCMS 2024-05-08-2025-05-31 - Stored Cross-Site Scripting via Service Title Manipulation
CVSS 6.1
CVE-2025-9440
MEDIUM
1000projects Online Student Project Report Submission And Evaluation System - Code Injection
CVSS 4.3
Details
Vulnerabilities: 45,137
Exploit Likelihood: High