CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,142 vulnerabilities with CWE-79
CVE-2025-8743 LOW
scada-lts < 2.7.8.1 - Stored Cross-Site Scripting in Virtual Data Source Property Handler via Name Parameter
CVSS 3.5
CVE-2025-8740 LOW
zhenfeng13 My-Blog <= 1.0.0 - Cross-Site Scripting via Category Name Parameter
CVSS 2.4
CVE-2025-50927 MEDIUM
EHCP 20.04.1.b - Authenticated Reflected Cross-Site Scripting via FTP Username Parameter
CVSS 6.3
CVE-2025-4576 MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.15 - Unauthenticated XSS in Blog Entry Cover Image Caption
CVSS 6.1
CVE-2025-51629 HIGH
Agenzia Impresa Eccobook 2.81.1 - XSS
CVSS 8.8
CVE-2025-54395 MEDIUM
Netwrix Directory Manager 11.0.0.0-11.1.25162.02 - Cross-Site Scripting in Authentication Configuration
CVSS 6.1
CVE-2025-54392 MEDIUM
Netwrix Directory Manager 11.0.0.0-11.1.25162.02 - Cross-Site Scripting via Authentication Error Data
CVSS 6.1
CVE-2025-55134 MEDIUM
Agora Foundation Agora fall23-Alpha1 - XSS
CVSS 6.4
CVE-2025-55133 MEDIUM
Agora Foundation Agora fall23-Alpha1 - XSS
CVSS 6.4
CVE-2025-8581 MEDIUM
Google Chrome < 139.0.7258.66 - Cross-Origin Data Leak via Extensions
CVSS 4.3
CVE-2025-8580 MEDIUM
Google Chrome < 139.0.7258.66 - UI Spoofing via Filesystem Implementation
CVSS 4.3
CVE-2025-8579 MEDIUM
Google Chrome < 139.0.7258.66 - UI Spoofing via Picture In Picture
CVSS 4.3
CVE-2025-8577 MEDIUM
Google Chrome < 139.0.7258.66 - UI Spoofing via Picture In Picture
CVSS 4.3
CVE-2025-54784 MEDIUM
SuiteCRM 7.14.0-7.14.6 - Stored Cross-Site Scripting in Email Viewer
CVSS 6.1
CVE-2025-54783 MEDIUM
SuiteCRM < 7.14.7 - Reflected Cross-Site Scripting via HTTP Referer Header
CVSS 6.1
CVE-2025-51053 MEDIUM
Vedo Suite 2024.17 - Stored Cross-Site Scripting via /api_vedo/ Endpoint
CVSS 6.1
CVE-2025-50740 MEDIUM
AutoConnect 1.4.2 - Cross-Site Scripting via Network SSID
CVSS 6.1
CVE-2025-51624 HIGH
Zone Bitaqati <= 3.4.0 - Cross-Site Scripting
CVSS 7.6
CVE-2025-51531 MEDIUM
Sage DPW < 2025_06_000 - Reflected Cross-Site Scripting via tabfields Parameter
CVSS 6.1
CVE-2025-7727 MEDIUM
Gutenverse < 3.1.0 - Authenticated Stored Cross-Site Scripting via Animated Text and Fun Fact Blocks
CVSS 6.4
CVE-2025-8100 MEDIUM
Element Pack Elementor Addons <= 8.1.5 - Authenticated Stored XSS via Marker Content
CVSS 5.4
CVE-2025-7498 MEDIUM
Exclusive Addons for Elementor < 2.7.9.4 - XSS
CVSS 6.4
CVE-2025-7399 MEDIUM
Betheme <= 28.1.3 - Authenticated Stored Cross-Site Scripting via Elementor Display Setting
CVSS 6.4
CVE-2025-7502 MEDIUM
WPBakery Page Builder <= 8.5 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-6690 MEDIUM
WP Tournament Registration < 1.3.0 - XSS
CVSS 6.4