CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,139 vulnerabilities with CWE-79
CVE-2025-51991
HIGH
XWiki < 17.3.0 - Authenticated Server-Side Template Injection in HTTP Meta Info Field
CVSS 8.8
CVE-2025-51990
MEDIUM
XWiki < 17.3.0 - Authenticated Stored Cross-Site Scripting in Administration Presentation Fields
CVSS 4.8
CVE-2025-54175
MEDIUM
QuickCMS.EXT - Reflected Cross-Site Scripting via sFileName Parameter in Thumbnail Viewer
CVSS 6.1
CVE-2025-54172
MEDIUM
QuickCMS 6.8 - Authenticated Stored Cross-Site Scripting in Page Editor sTitle Parameter
CVSS 4.8
CVE-2025-43742
MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.14 - Reflected XSS via Friendly URLs
CVSS 6.1
CVE-2025-43741
MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.14 Authenticated XSS via UsersAdminPortlet assetTagNames
CVSS 5.4
CVE-2025-57731
HIGH
JetBrains YouTrack < 2025.2.92387 - Stored Cross-Site Scripting via Mermaid Diagram Content
CVSS 8.7
CVE-2025-9225
MEDIUM
MiR Robots and MiR Fleet < 3.0.0 - Stored Cross-Site Scripting
CVSS 5.5
CVE-2025-54670
HIGH
bobbingwide oik <= 4.15.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-54056
HIGH
LambertGroup Responsive HTML5 Audio Player PRO - XSS
CVSS 7.1
CVE-2025-54055
HIGH
Druco <= 1.5.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-54046
MEDIUM
QuanticaLabs Cost Calculator <= 7.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-54044
HIGH
Elite Video Player <= 10.0.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-54032
HIGH
WebCodingPlace Real Estate Manager Pro <12.7.3 - XSS
CVSS 7.1
CVE-2025-54027
HIGH
Schiocco Support Board <3.8.0 - XSS
CVSS 7.1
CVE-2025-53564
HIGH
LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon <2.5 ...
CVSS 7.1
CVE-2025-53563
HIGH
LambertGroup YouTube Vimeo Video Player & Slider <3.8 - XSS
CVSS 7.1
CVE-2025-53562
HIGH
LambertGroup Universal Video Player <3.2.1 - XSS
CVSS 7.1
CVE-2025-53559
HIGH
LambertGroup Universal Video Player <3.2.1 - XSS
CVSS 7.1
CVE-2025-53319
HIGH
Raptive Ads <= 3.8.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-53226
HIGH
digitalzoomstudio Comments Capcha Box <1.1 - XSS
CVSS 7.1
CVE-2025-53212
HIGH
LambertGroup Revolution Video Player <2.9.2 - XSS
CVSS 7.1
CVE-2025-53205
HIGH
LambertGroup Radio Player Shoutcast & Icecast <4.4.7 - XSS
CVSS 7.1
CVE-2025-53201
HIGH
NooTheme Jobmonster <= 4.7.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-53195
MEDIUM
Crocoblock JetEngine <= 3.7.0 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities
45,139
Exploit Likelihood
High