CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,139 vulnerabilities with CWE-79
CVE-2025-43765
MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.13 - Unauthenticated Stored XSS in Web Content Text Field
CVSS 6.1
CVE-2025-43769
MEDIUM
Liferay Digital Experience Platform 2024.Q1.1-2024.Q1.12 - Stored Cross-Site Scripting in Components Tab
CVSS 6.1
CVE-2025-43770
MEDIUM
Liferay Portal 7.4.0-7.4.3.131 & DXP 2024.Q1.1-2024.Q1.12 - Reflected XSS via Referer/FORWARD_URL
CVSS 6.1
CVE-2025-43761
MEDIUM
Liferay Portal 7.4.0-7.4.3.131 & DXP 2024.Q1.1-2024.Q1.12 - Reflected XSS via CKEditor
CVSS 6.1
CVE-2025-50859
MEDIUM
Easy Hosting Control Panel 20.04.1.b - XSS
CVSS 6.1
CVE-2025-50858
MEDIUM
Easy Hosting Control Panel 20.04.1.b - XSS
CVSS 6.1
CVE-2025-43760
MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.20 - Authenticated XSS via PortalUtil.escapeRedirect
CVSS 5.4
CVE-2025-55620
MEDIUM
Reolink v4.54.0.4.20250526 - Cross-Site Scripting via valuateJavascript() Function
CVSS 6.1
CVE-2025-50733
MEDIUM
NextChat - Stored Cross-Site Scripting in HTMLPreview Component
CVSS 6.1
CVE-2025-55573
HIGH
new_api < 0.8.5.2 - Cross-Site Scripting
CVSS 8.8
CVE-2025-36042
MEDIUM
IBM QRadar SIEM 7.5-7.5.0 - Authenticated Stored Cross-Site Scripting in Dashboard
CVSS 5.4
CVE-2025-57891
MEDIUM
Recurring PayPal Donations <= 1.8 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-57890
MEDIUM
Pierre Lannoy Sessions <3.2.0 - XSS
CVSS 5.9
CVE-2025-57887
MEDIUM
NooTheme Jobmonster <= 4.8.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-8281
HIGH
WP Talroo WordPress Plugin < 2.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-43753
MEDIUM
Liferay Portal 7.4.3.32-7.4.3.132 & DXP 2025.Q1.0-2025.Q1.7 Authenticated XSS in Embedded Message Field
CVSS 5.4
CVE-2025-55107
MEDIUM
Esri Portal for ArcGIS Enterprise Sites <11.4 - XSS
CVSS 4.8
CVE-2025-55106
MEDIUM
Esri Portal for ArcGIS Enterprise Sites <11.4 - XSS
CVSS 4.8
CVE-2025-55105
MEDIUM
Esri Portal for ArcGIS Enterprise Sites <11.4 - XSS
CVSS 4.8
CVE-2025-55104
MEDIUM
ArcGIS HUB/ArcGIS Enterprise Sites - XSS
CVSS 4.8
CVE-2025-55103
MEDIUM
Esri Portal for ArcGIS Enterprise Sites <11.4 - XSS
CVSS 4.8
CVE-2025-57768
MEDIUM
phproject 1.8.0-1.8.2 - Stored Cross-Site Scripting in Planned Hours Field
CVE-2025-7969
MEDIUM
markdown-it 14.1.0 - Cross-Site Scripting in Renderer
CVSS 6.1
CVE-2025-57765
MEDIUM
WeGIA < 3.4.7 - Reflected Cross-Site Scripting via msg_e Parameter
CVSS 6.5
CVE-2025-57764
MEDIUM
WeGIA < 3.4.7 - Reflected Cross-Site Scripting via cargos.php msg_e Parameter
CVSS 6.5
Details
Vulnerabilities: 45,139
Exploit Likelihood: High