CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,137 vulnerabilities with CWE-79
CVE-2025-9439 MEDIUM
1000projects Online Student Project Report Submission And Evaluation System - Code Injection
CVSS 4.3
CVE-2025-9438 MEDIUM
1000projects Online Student Project Report Submission And Evaluation System - Code Injection
CVSS 4.3
CVE-2025-9434 MEDIUM
1000projects Online Student Project Report Submission And Evaluation System - Code Injection
CVSS 4.3
CVE-2025-9433 MEDIUM
mtons mblog < 3.5.0 - Cross-Site Scripting via Admin Panel Name Parameter
CVSS 4.3
CVE-2025-9432 MEDIUM
mtons mblog < 3.5.0 - Cross-Site Scripting via Admin Panel Title Parameter
CVSS 4.3
CVE-2025-9431 MEDIUM
mtons mblog < 3.5.0 - Cross-Site Scripting via Search Endpoint kw Parameter
CVSS 4.3
CVE-2025-9430 LOW
mtons mblog < 3.5.0 - Cross-Site Scripting via /admin/options/update Input Parameter
CVSS 2.4
CVE-2025-9429 LOW
mblog < 3.5.0 - Cross-Site Scripting via Post Handler Content/Title Parameter
CVSS 3.5
CVE-2025-9422 LOW
oitcode samarium <= 0.9.6 - Cross-Site Scripting in Team Image Handler
CVSS 2.4
CVE-2025-9416 LOW
oitcode samarium <= 0.9.6 - Cross-Site Scripting in Pages Image Handler
CVSS 2.4
CVE-2025-55574 MEDIUM
docmost < 0.21.0 - Cross-Site Scripting
CVSS 6.1
CVE-2025-55409 HIGH
FoxCMS 1.2.6 - Cross-Site Scripting in /index.php/article
CVSS 8.8
CVE-2025-3478 HIGH
OpenText Enterprise Security Manager - XSS
CVE-2025-9407 LOW
mblog < 3.5.0 - Cross-Site Scripting via Profile Settings Signature Parameter
CVSS 3.5
CVE-2025-54301 HIGH
Joomla Quantum Manager <3.2.0 - XSS
CVE-2025-54300 HIGH
Joomla Quantum Manager <3.2.0 - XSS
CVE-2025-9404 LOW
Scada-LTS < 2.7.8.1 - Stored Cross-Site Scripting via pointHierarchySLTS Title Parameter
CVSS 2.4
CVE-2025-9388 LOW
Scada-LTS < 2.7.8.1 - Stored Cross-Site Scripting via watch_list.shtm Name Parameter
CVSS 3.5
CVE-2025-8208 MEDIUM
Spexo Addons for Elementor <1.0.23 - XSS
CVSS 6.4
CVE-2025-5352 CRITICAL
lunary < 1.9.25 - Stored Cross-Site Scripting via NEXT_PUBLIC_CUSTOM_SCRIPT Environment Variable
CVSS 9.6
CVE-2025-9131 MEDIUM
Ogulo 360° Tour Plugin <1.0.11 - XSS
CVSS 6.4
CVE-2025-8062 MEDIUM
WS Theme Addons <= 2.0.0 - Authenticated Stored Cross-Site Scripting via ws_weather Shortcode
CVSS 6.4
CVE-2025-7957 MEDIUM
ShortcodeHub <= 1.7.1 - Authenticated Stored XSS via author_link_target
CVSS 6.4
CVE-2025-43765 MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.13 - Unauthenticated Stored XSS in Web Content Text Field
CVSS 6.1
CVE-2025-43769 MEDIUM
Liferay Digital Experience Platform 2024.Q1.1-2024.Q1.12 - Stored Cross-Site Scripting in Components Tab
CVSS 6.1