CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,142 vulnerabilities with CWE-79
CVE-2025-7808
MEDIUM
WP Shopify < 1.5.4 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-8934
MEDIUM
1000 Projects Sales Management System 1.0 - Cross-Site Scripting via select2112 Parameter
CVSS 4.3
CVE-2025-8933
MEDIUM
1000 Projects Sales Management System 1.0 - Cross-Site Scripting via ssalescat Parameter
CVSS 4.3
CVE-2025-45313
MEDIUM
hortusfox-web 4.4 - Stored Cross-Site Scripting via /tasks Endpoint Title Parameter
CVSS 6.1
CVE-2025-8920
LOW
Portabilis i-Diario 1.6 - Stored Cross-Site Scripting via Planos de ensino Parameter
CVSS 2.4
CVE-2025-8919
LOW
Portabilis i-Diario < 1.6 - Cross-Site Scripting via History Page cdigo/objetivo habilidade Argument
CVSS 2.4
CVE-2025-7739
HIGH
GitLab 18.2.0-18.2.1 - Authenticated Stored Cross-Site Scripting in Scoped Label Descriptions
CVSS 8.7
CVE-2025-7734
HIGH
GitLab CE/EE <18.0.6-18.2.2 - Code Injection
CVSS 8.7
CVE-2025-6186
HIGH
GitLab 18.1-18.1.4 and 18.2-18.2.2 - Authenticated Account Takeover via Work Item Name HTML Injection
CVSS 8.7
CVE-2025-45316
MEDIUM
hortusfox-web 4.4 - Stored Cross-Site Scripting via TextBlockModule Name Parameter
CVSS 6.1
CVE-2025-45315
MEDIUM
hortusfox-web 4.4 - Cross-Site Scripting via Email Parameter
CVSS 5.4
CVE-2025-45314
MEDIUM
hortusfox-web 4.4 - Stored Cross-Site Scripting via Calendar Add Function
CVSS 6.1
CVE-2025-8918
LOW
Portabilis i-educar < 2.10.0 - Stored Cross-Site Scripting via neighborhood name Parameter
CVSS 2.4
CVE-2025-51691
MEDIUM
MarkTwo <e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dcdb298 - XSS
CVSS 6.1
CVE-2025-50690
MEDIUM
SpatialReference.org <2025-05-17 - XSS
CVSS 6.1
CVE-2025-8911
MEDIUM
WellChoose Organization Portal System < IFTOP_P3_2_1_197 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-8910
MEDIUM
WellChoose Organization Portal System < IFTOP_P3_2_1_197 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-55170
MEDIUM
WeGIA < 3.4.8 - Reflected Cross-Site Scripting via verificacao and redir_config Parameters
CVSS 6.5
CVE-2025-36000
MEDIUM
IBM WebSphere Application Server Liberty 17.0.0.3-25.0.0.8 - Stored Cross-Site Scripting
CVSS 4.4
CVE-2025-43734
MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.16 - Authenticated XSS via Custom Sort Widget
CVSS 5.4
CVE-2025-32932
MEDIUM
FortiSOAR < 7.5.2 - Authenticated Stored Cross-Site Scripting via Service Requests
CVSS 6.5
CVE-2025-49745
MEDIUM
Microsoft Dynamics 365 9.1-<9.1.38.10 - Unauthenticated Cross-Site Scripting
CVSS 5.4
CVE-2025-49557
HIGH
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
CVSS 8.7
CVE-2025-55166
MEDIUM
svg-sanitize < 0.22.0 - Open Redirect via XlinkHref Attribute Bypass
CVE-2025-54800
MEDIUM
Hydra < 2025-08-12 - Stored Cross-Site Scripting via Build Page
CVSS 6.1
Details
Vulnerabilities
45,142
Exploit Likelihood
High