CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,137 vulnerabilities with CWE-79
CVE-2025-9439
MEDIUM
1000projects Online Student Project Report Submission And Evaluation System - Code Injection
CVSS 4.3
CVE-2025-9438
MEDIUM
1000projects Online Student Project Report Submission And Evaluation System - Code Injection
CVSS 4.3
CVE-2025-9434
MEDIUM
1000projects Online Student Project Report Submission And Evaluation System - Code Injection
CVSS 4.3
CVE-2025-9433
MEDIUM
mtons mblog < 3.5.0 - Cross-Site Scripting via Admin Panel Name Parameter
CVSS 4.3
CVE-2025-9432
MEDIUM
mtons mblog < 3.5.0 - Cross-Site Scripting via Admin Panel Title Parameter
CVSS 4.3
CVE-2025-9431
MEDIUM
mtons mblog < 3.5.0 - Cross-Site Scripting via Search Endpoint kw Parameter
CVSS 4.3
CVE-2025-9430
LOW
mtons mblog < 3.5.0 - Cross-Site Scripting via /admin/options/update Input Parameter
CVSS 2.4
CVE-2025-9429
LOW
mblog < 3.5.0 - Cross-Site Scripting via Post Handler Content/Title Parameter
CVSS 3.5
CVE-2025-9422
LOW
oitcode samarium <= 0.9.6 - Cross-Site Scripting in Team Image Handler
CVSS 2.4
CVE-2025-9416
LOW
oitcode samarium <= 0.9.6 - Cross-Site Scripting in Pages Image Handler
CVSS 2.4
CVE-2025-55574
MEDIUM
docmost < 0.21.0 - Cross-Site Scripting
CVSS 6.1
CVE-2025-55409
HIGH
FoxCMS 1.2.6 - Cross-Site Scripting in /index.php/article
CVSS 8.8
CVE-2025-3478
HIGH
OpenText Enterprise Security Manager - XSS
CVE-2025-9407
LOW
mblog < 3.5.0 - Cross-Site Scripting via Profile Settings Signature Parameter
CVSS 3.5
CVE-2025-54301
HIGH
Joomla Quantum Manager <3.2.0 - XSS
CVE-2025-54300
HIGH
Joomla Quantum Manager <3.2.0 - XSS
CVE-2025-9404
LOW
Scada-LTS < 2.7.8.1 - Stored Cross-Site Scripting via pointHierarchySLTS Title Parameter
CVSS 2.4
CVE-2025-9388
LOW
Scada-LTS < 2.7.8.1 - Stored Cross-Site Scripting via watch_list.shtm Name Parameter
CVSS 3.5
CVE-2025-8208
MEDIUM
Spexo Addons for Elementor <1.0.23 - XSS
CVSS 6.4
CVE-2025-5352
CRITICAL
lunary < 1.9.25 - Stored Cross-Site Scripting via NEXT_PUBLIC_CUSTOM_SCRIPT Environment Variable
CVSS 9.6
CVE-2025-9131
MEDIUM
Ogulo 360° Tour Plugin <1.0.11 - XSS
CVSS 6.4
CVE-2025-8062
MEDIUM
WS Theme Addons <= 2.0.0 - Authenticated Stored Cross-Site Scripting via ws_weather Shortcode
CVSS 6.4
CVE-2025-7957
MEDIUM
ShortcodeHub <= 1.7.1 - Authenticated Stored XSS via author_link_target
CVSS 6.4
CVE-2025-43765
MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.13 - Unauthenticated Stored XSS in Web Content Text Field
CVSS 6.1
CVE-2025-43769
MEDIUM
Liferay Digital Experience Platform 2024.Q1.1-2024.Q1.12 - Stored Cross-Site Scripting in Components Tab
CVSS 6.1
Details
Vulnerabilities: 45,137
Exploit Likelihood: High