CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,141 vulnerabilities with CWE-79
CVE-2025-9143
LOW
Scada-LTS 2.7.8.1 - Cross-Site Scripting via mailing_lists.shtm name/userList/address Parameter
CVSS 3.5
CVE-2025-51489
MEDIUM
moonshine < 3.12.5 - Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2025-51488
MEDIUM
moonshine < 3.12.4 - Stored Cross-Site Scripting via Admin Name Parameter
CVSS 4.9
CVE-2025-51487
MEDIUM
moonshine < 3.12.5 - Stored Cross-Site Scripting via CutCode Link Parameter
CVSS 4.5
CVE-2025-9138
LOW
Scada-LTS 2.7.8.1 - Cross-Site Scripting via Point Hierarchy Title Parameter
CVSS 3.5
CVE-2025-9137
LOW
Scada-LTS 2.7.8.1 - Cross-Site Scripting via Scheduled Events Alias Parameter
CVSS 3.5
CVE-2025-43740
MEDIUM
Liferay Portal 7.4.3.120-132 & DXP 2024.Q1.9-19 - Authenticated Stored XSS in Message Boards
CVSS 5.4
CVE-2025-8783
MEDIUM
WordPress Contact Manager <8.6.5 - XSS
CVSS 4.4
CVE-2025-8567
MEDIUM
Nexter Blocks < 4.5.4 - Authenticated Stored Cross-Site Scripting via Widget Attributes
CVSS 6.4
CVE-2025-8622
MEDIUM
Flexible Map <= 1.18.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-7496
MEDIUM
WPC Smart Compare for WooCommerce <6.4.7 - XSS
CVSS 6.4
CVE-2025-54862
MEDIUM
Sante PACS Server < 4.2.3 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-54759
MEDIUM
Sante PACS Server < 4.2.3 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-9119
LOW
Netis WF2419 1.2.29433 - Cross-Site Scripting via SSID Parameter in Wireless Settings Page
CVSS 2.4
CVE-2025-43731
MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.16 - Authenticated XSS in Message Boards
CVSS 5.4
CVE-2025-55300
HIGH
Komari <1.0.4-fix1 - Authenticated RCE
CVE-2025-55296
MEDIUM
LibreNMS < 25.8.0 - Stored Cross-Site Scripting in Alert Template Creation
CVSS 5.5
CVE-2025-55291
HIGH
Shaarli < 0.15.0 - Reflected Cross-Site Scripting via Cloud Tag Page
CVSS 7.1
CVE-2025-55288
MEDIUM
kreaweb genealogy < 4.4.0 - Authenticated Reflected Cross-Site Scripting
CVSS 5.5
CVE-2025-55287
MEDIUM
kreaweb genealogy < 4.4.0 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-54421
HIGH
NamelessMC < 2.2.4 - Authenticated Cross-Site Scripting via Default Keywords Parameter
CVSS 7.2
CVE-2025-54117
CRITICAL
NamelessMC < 2.2.4 - Authenticated Cross-Site Scripting via Dashboard Text Editor
CVSS 9.0
CVE-2025-43733
MEDIUM
Liferay Portal 7.4.3.132 & DXP 2025.Q1.0-2025.Q1.7 - Authenticated XSS via Content Page Name
CVSS 5.4
CVE-2025-57703
MEDIUM
DIAEnergie < 1.11.01.001 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-57702
MEDIUM
DIAEnergie < 1.11.01.001 - Reflected Cross-Site Scripting
CVSS 6.1
Details
Vulnerabilities
45,141
Exploit Likelihood
High