CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,139 vulnerabilities with CWE-79
CVE-2025-8618
MEDIUM
WPC Smart Quick View for WooCommerce <4.2.1 - XSS
CVSS 6.4
CVE-2025-9171
LOW
SolidInvoice < 2.4.0 - Stored Cross-Site Scripting via Clients Module Name Parameter
CVSS 3.5
CVE-2025-9170
LOW
SolidInvoice < 2.4.0 - Stored Cross-Site Scripting via Tax Rates Module Name Parameter
CVSS 3.5
CVE-2025-9169
LOW
SolidInvoice < 2.4.0 - Stored Cross-Site Scripting via Quote Module Name Parameter
CVSS 3.5
CVE-2025-9168
LOW
SolidInvoice < 2.4.0 - Stored Cross-Site Scripting via Client Name in Invoice Creation Module
CVSS 3.5
CVE-2025-9167
LOW
SolidInvoice < 2.4.0 - Stored Cross-Site Scripting via Recurring Invoice Client Name
CVSS 3.5
CVE-2025-55033
MEDIUM
Mozilla Focus for iOS < 142 - Cross-Site Scripting via URL Bar Drag
CVSS 6.1
CVE-2025-43744
MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.19 - Stored DOM-Based Cross-Site Scripting in Asset Publisher Configuration UI
CVSS 5.4
CVE-2025-55735
MEDIUM
FlaskBlog < 2.8.0 - Stored Cross-Site Scripting via Post Content
CVSS 5.4
CVE-2025-55303
MEDIUM
Astro < 4.16.18 and 5.0.0-alpha.0-5.13.2 - Unauthorized Image Serving via Protocol-Relative URL Bypass
CVSS 6.1
CVE-2025-50891
HIGH
Adform Site Tracking <2025-08-28 - RCE
CVSS 7.2
CVE-2025-43737
MEDIUM
Liferay Portal 7.4.0-7.4.3.131 & DXP 2025.Q1.0-2025.Q1.15 - Authenticated XSS via JournalPortlet backURL
CVSS 5.4
CVE-2025-33008
MEDIUM
IBM Sterling B2B Integrator 6.2.1.0-File Gateway 6.2.1.0 - XSS
CVSS 5.4
CVE-2025-31988
MEDIUM
HCL Digital Experience - Stored Cross-Site Scripting in Administrative UI
CVSS 4.9
CVE-2025-9147
LOW
jasonclark getsemantic <040c96eb8cf9947488bd01b8de99b607b0519f7d - XSS
CVSS 3.5
CVE-2025-54881
MEDIUM
mermaid 10.9.0-rc.1-11.9.0 - Cross-Site Scripting via Sequence Diagram Label Input
CVE-2025-54880
MEDIUM
mermaid 11.1.0-11.9.0 - Cross-Site Scripting via Architecture Diagram Icon Input
CVSS 6.1
CVE-2025-54411
MEDIUM
Discourse < 3.5.0 - Stored Cross-Site Scripting via Welcome Banner Username
CVSS 5.4
CVE-2025-52478
HIGH
n8n 1.77.0-1.98.2 - Authenticated Stored Cross-Site Scripting via Form Trigger Node HTML Injection
CVSS 8.7
CVE-2025-9145
LOW
Scada-LTS 2.7.8.1 - Cross-Site Scripting via SVG File Handler backgroundImageMP Parameter
CVSS 3.5
CVE-2025-50938
MEDIUM
hustoj 2025-01-31 - Cross-Site Scripting via TID Parameter
CVSS 6.1
CVE-2025-43738
MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.19 - Authenticated XSS via Expando Portlet
CVSS 5.4
CVE-2025-9144
LOW
Scada-LTS 2.7.8.1 - Cross-Site Scripting via publisher_edit.shtm Name Parameter
CVSS 3.5
CVE-2025-9143
LOW
Scada-LTS 2.7.8.1 - Cross-Site Scripting via mailing_lists.shtm name/userList/address Parameter
CVSS 3.5
CVE-2025-51489
MEDIUM
moonshine < 3.12.5 - Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
Details
Vulnerabilities: 45,139
Exploit Likelihood: High