CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,142 vulnerabilities with CWE-79
CVE-2025-43735
MEDIUM
Liferay Portal 7.4.0-7.4.3.131 & DXP 2024.Q1.1-2024.Q1.12 - Reflected XSS via google_gadget
CVSS 6.1
CVE-2025-8874
MEDIUM
Master Addons - Elementor Addons < 2.0.9.0 - Authenticated Stored Cross-Site Scripting via Widget Input
CVSS 6.4
CVE-2025-8314
MEDIUM
Software Issue Manager <5.0.1 - XSS
CVSS 6.4
CVE-2025-8690
MEDIUM
Simple Responsive Slider <2.0 - XSS
CVSS 6.4
CVE-2025-8688
MEDIUM
Inline Stock Quotes <= 0.2 - Authenticated Stored Cross-Site Scripting via Stock Shortcode
CVSS 6.4
CVE-2025-8685
MEDIUM
Wp chart generator plugin <1.0.4 - XSS
CVSS 6.4
CVE-2025-8568
MEDIUM
GMap Generator <= 1.1 - Authenticated Stored Cross-Site Scripting via 'h' Parameter
CVSS 6.4
CVE-2025-8462
MEDIUM
RT Easy Builder - WordPress <2.4 - XSS
CVSS 6.4
CVE-2025-42975
MEDIUM
SAP NetWeaver Application Server ABAP - XSS
CVSS 6.1
CVE-2025-42948
MEDIUM
SAP NetWeaver ABAP Platform - Unauthenticated Stored Cross-Site Scripting via Malicious Link
CVSS 6.1
CVE-2025-42942
MEDIUM
SAP NetWeaver Application Server for ABAP - XSS
CVSS 6.1
CVE-2025-8847
LOW
RuoYi < 4.8.1 - Cross-Site Scripting via Notice Title/Content in System Notice Edit
CVSS 3.5
CVE-2025-8661
MEDIUM
Symantec PGP Encryption - Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-8834
LOW
JCG Link-net LW-N915R 17s.20.001.908 - XSS
CVSS 2.4
CVE-2025-8812
LOW
pybbs < 6.0.0 - Cross-Site Scripting in Admin Panel Settings Endpoint
CVSS 2.4
CVE-2025-8798
HIGH
oitcode samarium <= 0.9.6 - Unrestricted File Upload in Create Product Page
CVSS 7.3
CVE-2025-8788
LOW
Portabilis i-Diario < 1.5.0 - Stored Cross-Site Scripting via Parecer/Contedos/Objetivos Parameters
CVSS 3.5
CVE-2025-8787
LOW
Portabilis i-Diario <= 1.5.0 - Stored Cross-Site Scripting in Registro das atividades
CVSS 3.5
CVE-2025-8786
LOW
Portabilis i-Diario < 1.5.0 - Stored Cross-Site Scripting via Registro de atividades/Contedos Parameter
CVSS 3.5
CVE-2025-8785
LOW
Portabilis i-educar < 2.9.0 - Cross-Site Scripting via nm_pessoa/matricula/matricula_interna Parameters
CVSS 3.5
CVE-2025-8784
LOW
Portabilis i-educar < 2.9.0 - Stored Cross-Site Scripting via funcionario_vinculo_cad.php nome Parameter
CVSS 3.5
CVE-2025-8765
LOW
Datacom DM955 5GT 1200 825.8010.00 - XSS
CVSS 3.5
CVE-2025-7726
MEDIUM
The7 WordPress Builder <=12.6.0 - Authenticated Stored XSS via Lightbox Attributes
CVSS 6.4
CVE-2025-8751
LOW
Total WebShield < 3.2.0 - Cross-Site Scripting via Block Page Category Argument
CVSS 3.1
CVE-2025-8750
LOW
macrozheng mall < 1.0.3 - Cross-Site Scripting via Add Product Page File Upload
CVSS 2.4
Details
Vulnerabilities
45,142
Exploit Likelihood
High