CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,142 vulnerabilities with CWE-79
CVE-2025-6259 MEDIUM
esri-map-view <= 1.2.3 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-6256 MEDIUM
Flex Guten < 1.2.5 - Authenticated Stored Cross-Site Scripting via Thumbnail Hover Effect Parameter
CVSS 6.4
CVE-2025-54571 MEDIUM
OWASP ModSecurity < 2.9.12 - HTTP Response Content-Type Override
CVSS 6.1
CVE-2025-32430 MEDIUM
XWiki Platform - Cross-Site Scripting
CVSS 6.1
CVE-2025-8573 MEDIUM
Concrete CMS 9.0-9.4.2 - Stored Cross-Site Scripting via Home Folder on Members Dashboard
CVSS 4.8
CVE-2025-8571 MEDIUM
Concrete CMS < 8.5.21 and 9.0.0-9.4.2 - Reflected Cross-Site Scripting in Conversation Messages Dashboard Page
CVSS 4.8
CVE-2025-51541 MEDIUM
Shopware 6.1.0-6.2.3 - Stored Cross-Site Scripting in Database Configuration Interface
CVSS 6.1
CVE-2025-50592 MEDIUM
SeaCMS < 13.2 - Cross-Site Scripting via vid Parameter
CVSS 5.4
CVE-2025-51857 MEDIUM
Halo < 2.20.18LTS - Cross-Site Scripting in AttachmentReconciler
CVSS 6.1
CVE-2025-46958 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-8555 LOW
pybbs < 6.0.0 - Cross-Site Scripting via Search Keyword Parameter
CVSS 3.5
CVE-2025-8554 LOW
pybbs < 6.0.0 - Cross-Site Scripting via Username Parameter in Admin User List
CVSS 2.4
CVE-2025-8553 LOW
pybbs < 6.0.0 - Cross-Site Scripting via Sensitive Word List Argument
CVSS 2.4
CVE-2025-8552 LOW
pybbs < 6.0.0 - Cross-Site Scripting via /admin/tag/list Name Parameter
CVSS 2.4
CVE-2025-8551 LOW
pybbs < 6.0.0 - Cross-Site Scripting via Username Parameter in Admin Comment List
CVSS 3.5
CVE-2025-8295 MEDIUM
Employee Directory plugin - WordPress <4.5.1 - XSS
CVSS 6.4
CVE-2025-8294 MEDIUM
WordPress Download Counter <1.4 - XSS
CVSS 6.4
CVE-2025-8550 LOW
pybbs < 6.0.0 - Cross-Site Scripting via Username Parameter in Admin Topic List
CVSS 2.4
CVE-2025-8315 MEDIUM
WordPress Simple Contact Form Plugin <= 4.0.1 - Authenticated Stored XSS via noaccess_msg
CVSS 6.4
CVE-2025-8313 MEDIUM
WordPress Campus Directory <1.9.1 - XSS
CVSS 6.4
CVE-2025-7050 HIGH
WordPress Use-your-Drive | Google Drive <3.3.1 - XSS
CVSS 7.2
CVE-2025-8545 LOW
Portabilis i-Educar 2.10 - Cross-Site Scripting via nm_motivo Parameter
CVSS 2.4
CVE-2025-8544 LOW
Portabilis i-Educar 2.10 - Cross-Site Scripting via /module/RegraAvaliacao/edit nome Parameter
CVSS 2.4
CVE-2025-8543 LOW
Portabilis i-Educar 2.10 - Cross-Site Scripting via nm_raca Parameter in educar_raca_cad.php
CVSS 2.4
CVE-2025-8542 LOW
Portabilis i-Educar 2.10 - Cross-Site Scripting via fantasia/razao_social Parameter
CVSS 2.4