CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,142 vulnerabilities with CWE-79
CVE-2025-8743
LOW
scada-lts < 2.7.8.1 - Stored Cross-Site Scripting in Virtual Data Source Property Handler via Name Parameter
CVSS 3.5
CVE-2025-8740
LOW
zhenfeng13 My-Blog <= 1.0.0 - Cross-Site Scripting via Category Name Parameter
CVSS 2.4
CVE-2025-50927
MEDIUM
EHCP 20.04.1.b - Authenticated Reflected Cross-Site Scripting via FTP Username Parameter
CVSS 6.3
CVE-2025-4576
MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.15 - Unauthenticated XSS in Blog Entry Cover Image Caption
CVSS 6.1
CVE-2025-51629
HIGH
Agenzia Impresa Eccobook 2.81.1 - XSS
CVSS 8.8
CVE-2025-54395
MEDIUM
Netwrix Directory Manager 11.0.0.0-11.1.25162.02 - Cross-Site Scripting in Authentication Configuration
CVSS 6.1
CVE-2025-54392
MEDIUM
Netwrix Directory Manager 11.0.0.0-11.1.25162.02 - Cross-Site Scripting via Authentication Error Data
CVSS 6.1
CVE-2025-55134
MEDIUM
Agora Foundation Agora fall23-Alpha1 - XSS
CVSS 6.4
CVE-2025-55133
MEDIUM
Agora Foundation Agora fall23-Alpha1 - XSS
CVSS 6.4
CVE-2025-8581
MEDIUM
Google Chrome < 139.0.7258.66 - Cross-Origin Data Leak via Extensions
CVSS 4.3
CVE-2025-8580
MEDIUM
Google Chrome < 139.0.7258.66 - UI Spoofing via Filesystem Implementation
CVSS 4.3
CVE-2025-8579
MEDIUM
Google Chrome < 139.0.7258.66 - UI Spoofing via Picture In Picture
CVSS 4.3
CVE-2025-8577
MEDIUM
Google Chrome < 139.0.7258.66 - UI Spoofing via Picture In Picture
CVSS 4.3
CVE-2025-54784
MEDIUM
SuiteCRM 7.14.0-7.14.6 - Stored Cross-Site Scripting in Email Viewer
CVSS 6.1
CVE-2025-54783
MEDIUM
SuiteCRM < 7.14.7 - Reflected Cross-Site Scripting via HTTP Referer Header
CVSS 6.1
CVE-2025-51053
MEDIUM
Vedo Suite 2024.17 - Stored Cross-Site Scripting via /api_vedo/ Endpoint
CVSS 6.1
CVE-2025-50740
MEDIUM
AutoConnect 1.4.2 - Cross-Site Scripting via Network SSID
CVSS 6.1
CVE-2025-51624
HIGH
Zone Bitaqati <= 3.4.0 - Cross-Site Scripting
CVSS 7.6
CVE-2025-51531
MEDIUM
Sage DPW < 2025_06_000 - Reflected Cross-Site Scripting via tabfields Parameter
CVSS 6.1
CVE-2025-7727
MEDIUM
Gutenverse < 3.1.0 - Authenticated Stored Cross-Site Scripting via Animated Text and Fun Fact Blocks
CVSS 6.4
CVE-2025-8100
MEDIUM
Element Pack Elementor Addons <= 8.1.5 - Authenticated Stored XSS via Marker Content
CVSS 5.4
CVE-2025-7498
MEDIUM
Exclusive Addons for Elementor <2.7.9.4 - XSS
CVSS 6.4
CVE-2025-7399
MEDIUM
Betheme <= 28.1.3 - Authenticated Stored Cross-Site Scripting via Elementor Display Setting
CVSS 6.4
CVE-2025-7502
MEDIUM
WPBakery Page Builder <= 8.5 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-6690
MEDIUM
WP Tournament Registration <1.3.0 - XSS
CVSS 6.4
Details
Vulnerabilities
45,142
Exploit Likelihood
High