CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,141 vulnerabilities with CWE-79
CVE-2025-57701
MEDIUM
DIAEnergie < 1.11.01.001 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-57700
MEDIUM
DIAEnergie < 1.11.01.001 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-9107
MEDIUM
Portabilis i-Diario < 1.5.0 - Cross-Site Scripting via Search Autocomplete Parameter
CVSS 4.3
CVE-2025-9106
LOW
Portabilis i-Diario < 1.5.0 - Stored Cross-Site Scripting via Parecer/Conteúdos/Objetivos Parameters
CVSS 3.5
CVE-2025-9105
LOW
Portabilis i-Diario < 1.5.0 - Stored Cross-Site Scripting via Parecer/Conteúdos/Objetivos Parameters
CVSS 3.5
CVE-2025-9104
LOW
Portabilis i-Diario < 1.5.0 - Stored Cross-Site Scripting via Parecer/Objeto de Conhecimento/Habilidades Parameters
CVSS 3.5
CVE-2025-9103
LOW
ZenCart 2.1.0 - Cross-Site Scripting in CKEditor
CVSS 2.4
CVE-2025-9101
LOW
zhenfeng13 My-Blog <= 1.0.0 - Cross-Site Scripting in Tag Handler
CVSS 3.5
CVE-2025-9096
LOW
ExpressGateway express-gateway <= 1.16.10 - Cross-Site Scripting in REST Endpoint
CVSS 3.5
CVE-2025-9095
LOW
ExpressGateway express-gateway <= 1.16.10 - Cross-Site Scripting in REST Endpoint
CVSS 3.5
CVE-2025-8143
MEDIUM
Soledad <= 8.6.7 - Authenticated Stored Cross-Site Scripting via pcsml_smartlists_h Parameter
CVSS 6.4
CVE-2025-8719
MEDIUM
Translate This gTranslate Shortcode <1.0 - XSS
CVSS 6.4
CVE-2025-8896
MEDIUM
User Profile Builder < 3.14.3 - Authenticated Stored Cross-Site Scripting via GDPR Communication Preferences Parameter
CVSS 6.4
CVE-2025-8089
MEDIUM
Advanced iFrame plugin <2025.6 - XSS
CVSS 5.4
CVE-2025-8113
MEDIUM
Ebook Store < 5.8015 - Reflected Cross-Site Scripting via REQUEST_URI Parameter
CVSS 6.1
CVE-2025-8293
MEDIUM
Intl DateTime Calendar plugin - WordPress <=1.0.1 - XSS
CVSS 6.4
CVE-2025-7651
MEDIUM
Earnware Connect <= 1.0.74 - Authenticated Stored Cross-Site Scripting via ew_hasrole Shortcode
CVSS 6.4
CVE-2025-7649
MEDIUM
Surbma Recent Comments Shortcode 2.0 - XSS
CVSS 6.4
CVE-2025-7440
MEDIUM
Anber Elementor Addon <= 1.0.1 - Authenticated Stored Cross-Site Scripting via Button Link URL Parameter
CVSS 6.4
CVE-2025-7439
MEDIUM
Anber Elementor Addon < 1.0.1 - Authenticated Stored Cross-Site Scripting via Button Link URL Parameter
CVSS 6.4
CVE-2025-6221
MEDIUM
Embed Bokun < 0.23 - Authenticated Stored Cross-Site Scripting via Align Parameter
CVSS 6.4
CVE-2025-52620
MEDIUM
HCL BigFix SaaS < 8.1.14 - Cross-Site Scripting via Image Upload
CVSS 4.3
CVE-2025-36088
MEDIUM
IBM TS4500 Library Firmware <=1.11.0.2-C00 Authenticated Stored XSS
CVSS 5.4
CVE-2025-8362
MEDIUM
Drupal GoogleTag Manager < 1.10.0 - Cross-Site Scripting
CVSS 6.1
CVE-2025-8092
HIGH
Drupal COOKiES Consent Management < 1.2.16 - Cross-Site Scripting
CVSS 7.6