CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,142 vulnerabilities with CWE-79
CVE-2025-43735 MEDIUM
Liferay Portal 7.4.0-7.4.3.131 & DXP 2024.Q1.1-2024.Q1.12 - Reflected XSS via google_gadget
CVSS 6.1
CVE-2025-8874 MEDIUM
Master Addons - Elementor Addons < 2.0.9.0 - Authenticated Stored Cross-Site Scripting via Widget Input
CVSS 6.4
CVE-2025-8314 MEDIUM
Software Issue Manager <5.0.1 - XSS
CVSS 6.4
CVE-2025-8690 MEDIUM
Simple Responsive Slider <2.0 - XSS
CVSS 6.4
CVE-2025-8688 MEDIUM
Inline Stock Quotes <= 0.2 - Authenticated Stored Cross-Site Scripting via Stock Shortcode
CVSS 6.4
CVE-2025-8685 MEDIUM
Wp chart generator plugin <1.0.4 - XSS
CVSS 6.4
CVE-2025-8568 MEDIUM
GMap Generator <= 1.1 - Authenticated Stored Cross-Site Scripting via 'h' Parameter
CVSS 6.4
CVE-2025-8462 MEDIUM
RT Easy Builder - WordPress <2.4 - XSS
CVSS 6.4
CVE-2025-42975 MEDIUM
SAP NetWeaver Application Server ABAP - XSS
CVSS 6.1
CVE-2025-42948 MEDIUM
SAP NetWeaver ABAP Platform - Unauthenticated Stored Cross-Site Scripting via Malicious Link
CVSS 6.1
CVE-2025-42942 MEDIUM
SAP NetWeaver Application Server for ABAP - XSS
CVSS 6.1
CVE-2025-8847 LOW
RuoYi < 4.8.1 - Cross-Site Scripting via Notice Title/Content in System Notice Edit
CVSS 3.5
CVE-2025-8661 MEDIUM
Symantec PGP Encryption - Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-8834 LOW
JCG Link-net LW-N915R 17s.20.001.908 - XSS
CVSS 2.4
CVE-2025-8812 LOW
pybbs < 6.0.0 - Cross-Site Scripting in Admin Panel Settings Endpoint
CVSS 2.4
CVE-2025-8798 HIGH
oitcode samarium <= 0.9.6 - Unrestricted File Upload in Create Product Page
CVSS 7.3
CVE-2025-8788 LOW
Portabilis i-Diario < 1.5.0 - Stored Cross-Site Scripting via Parecer/Contedos/Objetivos Parameters
CVSS 3.5
CVE-2025-8787 LOW
Portabilis i-Diario <= 1.5.0 - Stored Cross-Site Scripting in Registro das atividades
CVSS 3.5
CVE-2025-8786 LOW
Portabilis i-Diario < 1.5.0 - Stored Cross-Site Scripting via Registro de atividades/Contedos Parameter
CVSS 3.5
CVE-2025-8785 LOW
Portabilis i-educar < 2.9.0 - Cross-Site Scripting via nm_pessoa/matricula/matricula_interna Parameters
CVSS 3.5
CVE-2025-8784 LOW
Portabilis i-educar < 2.9.0 - Stored Cross-Site Scripting via funcionario_vinculo_cad.php nome Parameter
CVSS 3.5
CVE-2025-8765 LOW
Datacom DM955 5GT 1200 825.8010.00 - XSS
CVSS 3.5
CVE-2025-7726 MEDIUM
The7 WordPress Builder <=12.6.0 - Authenticated Stored XSS via Lightbox Attributes
CVSS 6.4
CVE-2025-8751 LOW
Total WebShield < 3.2.0 - Cross-Site Scripting via Block Page Category Argument
CVSS 3.1
CVE-2025-8750 LOW
macrozheng mall < 1.0.3 - Cross-Site Scripting via Add Product Page File Upload
CVSS 2.4
Details
Vulnerabilities 45,142
Exploit Likelihood High