CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,139 vulnerabilities with CWE-79
CVE-2025-43765 MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.13 - Unauthenticated Stored XSS in Web Content Text Field
CVSS 6.1
CVE-2025-43769 MEDIUM
Liferay Digital Experience Platform 2024.Q1.1-2024.Q1.12 - Stored Cross-Site Scripting in Components Tab
CVSS 6.1
CVE-2025-43770 MEDIUM
Liferay Portal 7.4.0-7.4.3.131 & DXP 2024.Q1.1-2024.Q1.12 - Reflected XSS via Referer/FORWARD_URL
CVSS 6.1
CVE-2025-43761 MEDIUM
Liferay Portal 7.4.0-7.4.3.131 & DXP 2024.Q1.1-2024.Q1.12 - Reflected XSS via CKEditor
CVSS 6.1
CVE-2025-50859 MEDIUM
Easy Hosting Control Panel 20.04.1.b - XSS
CVSS 6.1
CVE-2025-50858 MEDIUM
Easy Hosting Control Panel 20.04.1.b - XSS
CVSS 6.1
CVE-2025-43760 MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.20 - Authenticated XSS via PortalUtil.escapeRedirect
CVSS 5.4
CVE-2025-55620 MEDIUM
Reolink v4.54.0.4.20250526 - Cross-Site Scripting via valuateJavascript() Function
CVSS 6.1
CVE-2025-50733 MEDIUM
NextChat - Stored Cross-Site Scripting in HTMLPreview Component
CVSS 6.1
CVE-2025-55573 HIGH
new_api < 0.8.5.2 - Cross-Site Scripting
CVSS 8.8
CVE-2025-36042 MEDIUM
IBM QRadar SIEM 7.5-7.5.0 - Authenticated Stored Cross-Site Scripting in Dashboard
CVSS 5.4
CVE-2025-57891 MEDIUM
Recurring PayPal Donations <= 1.8 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-57890 MEDIUM
Pierre Lannoy Sessions <3.2.0 - XSS
CVSS 5.9
CVE-2025-57887 MEDIUM
NooTheme Jobmonster <= 4.8.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-8281 HIGH
WP Talroo WordPress Plugin < 2.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-43753 MEDIUM
Liferay Portal 7.4.3.32-7.4.3.132 & DXP 2025.Q1.0-2025.Q1.7 - Authenticated XSS in Embedded Message Field
CVSS 5.4
CVE-2025-55107 MEDIUM
Esri Portal for ArcGIS Enterprise Sites <11.4 - XSS
CVSS 4.8
CVE-2025-55106 MEDIUM
Esri Portal for ArcGIS Enterprise Sites <11.4 - XSS
CVSS 4.8
CVE-2025-55105 MEDIUM
Esri Portal for ArcGIS Enterprise Sites <11.4 - XSS
CVSS 4.8
CVE-2025-55104 MEDIUM
ArcGIS HUB/ArcGIS Enterprise Sites - XSS
CVSS 4.8
CVE-2025-55103 MEDIUM
Esri Portal for ArcGIS Enterprise Sites <11.4 - XSS
CVSS 4.8
CVE-2025-57768 MEDIUM
phproject 1.8.0-1.8.2 - Stored Cross-Site Scripting in Planned Hours Field
CVE-2025-7969 MEDIUM
markdown-it 14.1.0 - Cross-Site Scripting in Renderer
CVSS 6.1
CVE-2025-57765 MEDIUM
WeGIA < 3.4.7 - Reflected Cross-Site Scripting via msg_e Parameter
CVSS 6.5
CVE-2025-57764 MEDIUM
WeGIA < 3.4.7 - Reflected Cross-Site Scripting via cargos.php msg_e Parameter
CVSS 6.5