CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,142 vulnerabilities with CWE-79
CVE-2025-6259
MEDIUM
esri-map-view <= 1.2.3 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-6256
MEDIUM
Flex Guten < 1.2.5 - Authenticated Stored Cross-Site Scripting via Thumbnail Hover Effect Parameter
CVSS 6.4
CVE-2025-54571
MEDIUM
OWASP ModSecurity < 2.9.12 - HTTP Response Content-Type Override
CVSS 6.1
CVE-2025-32430
MEDIUM
XWiki Platform - Cross-Site Scripting
CVSS 6.1
CVE-2025-8573
MEDIUM
Concrete CMS 9.0-9.4.2 - Stored Cross-Site Scripting via Home Folder on Members Dashboard
CVSS 4.8
CVE-2025-8571
MEDIUM
Concrete CMS < 8.5.21 and 9.0.0-9.4.2 - Reflected Cross-Site Scripting in Conversation Messages Dashboard Page
CVSS 4.8
CVE-2025-51541
MEDIUM
Shopware 6.1.0-6.2.3 - Stored Cross-Site Scripting in Database Configuration Interface
CVSS 6.1
CVE-2025-50592
MEDIUM
SeaCMS < 13.2 - Cross-Site Scripting via vid Parameter
CVSS 5.4
CVE-2025-51857
MEDIUM
Halo < 2.20.18LTS - Cross-Site Scripting in AttachmentReconciler
CVSS 6.1
CVE-2025-46958
MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-8555
LOW
pybbs < 6.0.0 - Cross-Site Scripting via Search Keyword Parameter
CVSS 3.5
CVE-2025-8554
LOW
pybbs < 6.0.0 - Cross-Site Scripting via Username Parameter in Admin User List
CVSS 2.4
CVE-2025-8553
LOW
pybbs < 6.0.0 - Cross-Site Scripting via Sensitive Word List Argument
CVSS 2.4
CVE-2025-8552
LOW
pybbs < 6.0.0 - Cross-Site Scripting via /admin/tag/list Name Parameter
CVSS 2.4
CVE-2025-8551
LOW
pybbs < 6.0.0 - Cross-Site Scripting via Username Parameter in Admin Comment List
CVSS 3.5
CVE-2025-8295
MEDIUM
Employee Directory plugin - WordPress <4.5.1 - XSS
CVSS 6.4
CVE-2025-8294
MEDIUM
WordPress Download Counter <1.4 - XSS
CVSS 6.4
CVE-2025-8550
LOW
pybbs < 6.0.0 - Cross-Site Scripting via Username Parameter in Admin Topic List
CVSS 2.4
CVE-2025-8315
MEDIUM
WordPress Simple Contact Form Plugin <= 4.0.1 - Authenticated Stored XSS via noaccess_msg
CVSS 6.4
CVE-2025-8313
MEDIUM
WordPress Campus Directory <1.9.1 - XSS
CVSS 6.4
CVE-2025-7050
HIGH
WordPress Use-your-Drive | Google Drive <3.3.1 - XSS
CVSS 7.2
CVE-2025-8545
LOW
Portabilis i-Educar 2.10 - Cross-Site Scripting via nm_motivo Parameter
CVSS 2.4
CVE-2025-8544
LOW
Portabilis i-Educar 2.10 - Cross-Site Scripting via /module/RegraAvaliacao/edit nome Parameter
CVSS 2.4
CVE-2025-8543
LOW
Portabilis i-Educar 2.10 - Cross-Site Scripting via nm_raca Parameter in educar_raca_cad.php
CVSS 2.4
CVE-2025-8542
LOW
Portabilis i-Educar 2.10 - Cross-Site Scripting via fantasia/razao_social Parameter
CVSS 2.4