CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,142 vulnerabilities with CWE-79
CVE-2025-7808 MEDIUM
WP Shopify < 1.5.4 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-8934 MEDIUM
1000 Projects Sales Management System 1.0 - Cross-Site Scripting via select2112 Parameter
CVSS 4.3
CVE-2025-8933 MEDIUM
1000 Projects Sales Management System 1.0 - Cross-Site Scripting via ssalescat Parameter
CVSS 4.3
CVE-2025-45313 MEDIUM
hortusfox-web 4.4 - Stored Cross-Site Scripting via /tasks Endpoint Title Parameter
CVSS 6.1
CVE-2025-8920 LOW
Portabilis i-Diario 1.6 - Stored Cross-Site Scripting via Planos de ensino Parameter
CVSS 2.4
CVE-2025-8919 LOW
Portabilis i-Diario < 1.6 - Cross-Site Scripting via History Page código/objetivo habilidade Argument
CVSS 2.4
CVE-2025-7739 HIGH
GitLab 18.2.0-18.2.1 - Authenticated Stored Cross-Site Scripting in Scoped Label Descriptions
CVSS 8.7
CVE-2025-7734 HIGH
GitLab CE/EE <18.0.6-18.2.2 - Code Injection
CVSS 8.7
CVE-2025-6186 HIGH
GitLab 18.1-18.1.4 and 18.2-18.2.2 - Authenticated Account Takeover via Work Item Name HTML Injection
CVSS 8.7
CVE-2025-45316 MEDIUM
hortusfox-web 4.4 - Stored Cross-Site Scripting via TextBlockModule Name Parameter
CVSS 6.1
CVE-2025-45315 MEDIUM
hortusfox-web 4.4 - Cross-Site Scripting via Email Parameter
CVSS 5.4
CVE-2025-45314 MEDIUM
hortusfox-web 4.4 - Stored Cross-Site Scripting via Calendar Add Function
CVSS 6.1
CVE-2025-8918 LOW
Portabilis i-educar < 2.10.0 - Stored Cross-Site Scripting via neighborhood name Parameter
CVSS 2.4
CVE-2025-51691 MEDIUM
MarkTwo <e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dcdb298 - XSS
CVSS 6.1
CVE-2025-50690 MEDIUM
SpatialReference.org <2025-05-17 - XSS
CVSS 6.1
CVE-2025-8911 MEDIUM
WellChoose Organization Portal System < IFTOP_P3_2_1_197 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-8910 MEDIUM
WellChoose Organization Portal System < IFTOP_P3_2_1_197 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-55170 MEDIUM
WeGIA < 3.4.8 - Reflected Cross-Site Scripting via verificacao and redir_config Parameters
CVSS 6.5
CVE-2025-36000 MEDIUM
IBM WebSphere Application Server Liberty 17.0.0.3-25.0.0.8 - Stored Cross-Site Scripting
CVSS 4.4
CVE-2025-43734 MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.16 - Authenticated XSS via Custom Sort Widget
CVSS 5.4
CVE-2025-32932 MEDIUM
FortiSOAR < 7.5.2 - Authenticated Stored Cross-Site Scripting via Service Requests
CVSS 6.5
CVE-2025-49745 MEDIUM
Microsoft Dynamics 365 9.1-<9.1.38.10 - Unauthenticated Cross-Site Scripting
CVSS 5.4
CVE-2025-49557 HIGH
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
CVSS 8.7
CVE-2025-55166 MEDIUM
svg-sanitize < 0.22.0 - Open Redirect via XlinkHref Attribute Bypass
CVE-2025-54800 MEDIUM
Hydra < 2025-08-12 - Stored Cross-Site Scripting via Build Page
CVSS 6.1