CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,137 vulnerabilities with CWE-79
CVE-2025-58195 MEDIUM
Xpro Elementor Addons <1.4.17 - XSS
CVSS 6.5
CVE-2025-58194 MEDIUM
Bold Page Builder <= 5.4.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-55422 HIGH
FoxCMS 1.2.6 - Reflected Cross-Site Scripting via /index.php/plus
CVSS 8.8
CVE-2025-50977 MEDIUM
Gitblit 1.7.1 - Authenticated Reflected Cross-Site Scripting via AngularJS Expression Injection
CVSS 6.1
CVE-2025-34157 CRITICAL
Coolify < 4.0.0-beta.420.6 - Authenticated Stored Cross-Site Scripting in Project Name
CVSS 9.0
CVE-2025-20296 MEDIUM
Cisco Unified Computing System (Managed) - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-50978 MEDIUM
Gitblit 1.7.1 - Reflected Cross-Site Scripting via Repository Path Handling
CVSS 6.1
CVE-2025-50986 MEDIUM
diskover-web v2.3.0 Community Edition - Stored Cross-Site Scripting in Administrative Settings Interface
CVSS 5.6
CVE-2025-50985 MEDIUM
diskover-web v2.3.0 Community Edition - Reflected Cross-Site Scripting via Unsanitized GET Parameters
CVSS 5.6
CVE-2025-30036 HIGH
CGM CLININET < 2024.MS4 - Stored Cross-Site Scripting in Ward Module Death Diagnosis Field
CVE-2025-49039 MEDIUM
mibuthu Link View <= 0.8.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-49035 MEDIUM
chaimchaikin Admin Menu Groups <0.1.2 - XSS
CVSS 5.9
CVE-2025-7732 MEDIUM
WordPress Lazy Load for Videos <2.18.7 - XSS
CVSS 6.4
CVE-2025-8490 MEDIUM
All-in-One WP Migration & Backup <7.97 - XSS
CVSS 4.4
CVE-2025-9277 MEDIUM
SiteSEO - SEO Simplified <= 1.2.7 - Authenticated Stored Cross-Site Scripting via preg_replace Expression
CVSS 6.4
CVE-2025-50975 MEDIUM
IPFire 2.29 - Authenticated Stored XSS
CVSS 5.4
CVE-2025-50976 MEDIUM
IPFire 2.29 - Reflected Cross-Site Scripting via DNS Management Interface Parameters
CVSS 6.1
CVE-2025-57425 MEDIUM
SourceCodester FAQ Management System 1.0 - Authenticated Stored Cross-Site Scripting via Update FAQ Endpoint
CVSS 6.1
CVE-2025-52184 MEDIUM
helpy.io helpy 2.8.0 - Cross-Site Scripting via New Topic Ticket Function
CVSS 6.1
CVE-2025-56432 MEDIUM
Nagios XI 2024R2 - Stored Cross-Site Scripting in Performance Data Renderer
CVSS 6.1
CVE-2025-52217 MEDIUM
SelectZero Data Observability Platform < 2025.5.2 - HTML Injection in Legacy UI Fields
CVSS 5.4
CVE-2025-52037 MEDIUM
NotesCMS 2024-05-08 to 2025-03-31 - Stored Cross-Site Scripting via Service Title Manipulation
CVSS 6.1
CVE-2025-52036 MEDIUM
NotesCMS 2024-05-08 to 2025-03-31 - Stored Cross-Site Scripting via Service Description Title
CVSS 6.1
CVE-2025-52035 MEDIUM
NotesCMS 2024-05-08-2025-05-31 - Stored Cross-Site Scripting via Service Title Manipulation
CVSS 6.1
CVE-2025-9440 MEDIUM
1000projects Online Student Project Report Submission And Evaluation System - Code Injection
CVSS 4.3