CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,139 vulnerabilities with CWE-79
CVE-2025-8618 MEDIUM
WPC Smart Quick View for WooCommerce < 4.2.1 - XSS
CVSS 6.4
CVE-2025-9171 LOW
SolidInvoice < 2.4.0 - Stored Cross-Site Scripting via Clients Module Name Parameter
CVSS 3.5
CVE-2025-9170 LOW
SolidInvoice < 2.4.0 - Stored Cross-Site Scripting via Tax Rates Module Name Parameter
CVSS 3.5
CVE-2025-9169 LOW
SolidInvoice < 2.4.0 - Stored Cross-Site Scripting via Quote Module Name Parameter
CVSS 3.5
CVE-2025-9168 LOW
SolidInvoice < 2.4.0 - Stored Cross-Site Scripting via Client Name in Invoice Creation Module
CVSS 3.5
CVE-2025-9167 LOW
SolidInvoice < 2.4.0 - Stored Cross-Site Scripting via Recurring Invoice Client Name
CVSS 3.5
CVE-2025-55033 MEDIUM
Mozilla Focus for iOS < 142 - Cross-Site Scripting via URL Bar Drag
CVSS 6.1
CVE-2025-43744 MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.19 - Stored DOM-Based Cross-Site Scripting in Asset Publisher Configuration UI
CVSS 5.4
CVE-2025-55735 MEDIUM
FlaskBlog < 2.8.0 - Stored Cross-Site Scripting via Post Content
CVSS 5.4
CVE-2025-55303 MEDIUM
Astro < 4.16.18 and 5.0.0-alpha.0-5.13.2 - Unauthorized Image Serving via Protocol-Relative URL Bypass
CVSS 6.1
CVE-2025-50891 HIGH
Adform Site Tracking < 2025-08-28 - RCE
CVSS 7.2
CVE-2025-43737 MEDIUM
Liferay Portal 7.4.0-7.4.3.131 & DXP 2025.Q1.0-2025.Q1.15 - Authenticated XSS via JournalPortlet backURL
CVSS 5.4
CVE-2025-33008 MEDIUM
IBM Sterling B2B Integrator 6.2.1.0-File Gateway 6.2.1.0 - XSS
CVSS 5.4
CVE-2025-31988 MEDIUM
HCL Digital Experience - Stored Cross-Site Scripting in Administrative UI
CVSS 4.9
CVE-2025-9147 LOW
jasonclark getsemantic < 040c96eb8cf9947488bd01b8de99b607b0519f7d - XSS
CVSS 3.5
CVE-2025-54881 MEDIUM
mermaid 10.9.0-rc.1-11.9.0 - Cross-Site Scripting via Sequence Diagram Label Input
CVE-2025-54880 MEDIUM
mermaid 11.1.0-11.9.0 - Cross-Site Scripting via Architecture Diagram Icon Input
CVSS 6.1
CVE-2025-54411 MEDIUM
Discourse < 3.5.0 - Stored Cross-Site Scripting via Welcome Banner Username
CVSS 5.4
CVE-2025-52478 HIGH
n8n 1.77.0-1.98.2 - Authenticated Stored Cross-Site Scripting via Form Trigger Node HTML Injection
CVSS 8.7
CVE-2025-9145 LOW
Scada-LTS 2.7.8.1 - Cross-Site Scripting via SVG File Handler backgroundImageMP Parameter
CVSS 3.5
CVE-2025-50938 MEDIUM
hustoj 2025-01-31 - Cross-Site Scripting via TID Parameter
CVSS 6.1
CVE-2025-43738 MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.19 - Authenticated XSS via Expando Portlet
CVSS 5.4
CVE-2025-9144 LOW
Scada-LTS 2.7.8.1 - Cross-Site Scripting via publisher_edit.shtm Name Parameter
CVSS 3.5
CVE-2025-9143 LOW
Scada-LTS 2.7.8.1 - Cross-Site Scripting via mailing_lists.shtm name/userList/address Parameter
CVSS 3.5
CVE-2025-51489 MEDIUM
moonshine < 3.12.5 - Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4