CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,139 vulnerabilities with CWE-79
CVE-2025-51991 HIGH
XWiki < 17.3.0 - Authenticated Server-Side Template Injection in HTTP Meta Info Field
CVSS 8.8
CVE-2025-51990 MEDIUM
XWiki < 17.3.0 - Authenticated Stored Cross-Site Scripting in Administration Presentation Fields
CVSS 4.8
CVE-2025-54175 MEDIUM
QuickCMS.EXT - Reflected Cross-Site Scripting via sFileName Parameter in Thumbnail Viewer
CVSS 6.1
CVE-2025-54172 MEDIUM
QuickCMS 6.8 - Authenticated Stored Cross-Site Scripting in Page Editor sTitle Parameter
CVSS 4.8
CVE-2025-43742 MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.14 - Reflected XSS via Friendly URLs
CVSS 6.1
CVE-2025-43741 MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.14 Authenticated XSS via UsersAdminPortlet assetTagNames
CVSS 5.4
CVE-2025-57731 HIGH
JetBrains YouTrack < 2025.2.92387 - Stored Cross-Site Scripting via Mermaid Diagram Content
CVSS 8.7
CVE-2025-9225 MEDIUM
MiR Robots and MiR Fleet < 3.0.0 - Stored Cross-Site Scripting
CVSS 5.5
CVE-2025-54670 HIGH
bobbingwide oik <= 4.15.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-54056 HIGH
LambertGroup Responsive HTML5 Audio Player PRO - XSS
CVSS 7.1
CVE-2025-54055 HIGH
Druco <= 1.5.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-54046 MEDIUM
QuanticaLabs Cost Calculator <= 7.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-54044 HIGH
Elite Video Player <= 10.0.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-54032 HIGH
WebCodingPlace Real Estate Manager Pro <12.7.3 - XSS
CVSS 7.1
CVE-2025-54027 HIGH
Schiocco Support Board <3.8.0 - XSS
CVSS 7.1
CVE-2025-53564 HIGH
LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon <2.5 ...
CVSS 7.1
CVE-2025-53563 HIGH
LambertGroup YouTube Vimeo Video Player & Slider <3.8 - XSS
CVSS 7.1
CVE-2025-53562 HIGH
LambertGroup Universal Video Player <3.2.1 - XSS
CVSS 7.1
CVE-2025-53559 HIGH
LambertGroup Universal Video Player <3.2.1 - XSS
CVSS 7.1
CVE-2025-53319 HIGH
Raptive Ads <= 3.8.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-53226 HIGH
digitalzoomstudio Comments Capcha Box <1.1 - XSS
CVSS 7.1
CVE-2025-53212 HIGH
LambertGroup Revolution Video Player <2.9.2 - XSS
CVSS 7.1
CVE-2025-53205 HIGH
LambertGroup Radio Player Shoutcast & Icecast <4.4.7 - XSS
CVSS 7.1
CVE-2025-53201 HIGH
NooTheme Jobmonster <= 4.7.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-53195 MEDIUM
Crocoblock JetEngine <= 3.7.0 - Stored Cross-Site Scripting
CVSS 6.5