CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,142 vulnerabilities with CWE-79
CVE-2025-8541
LOW
Portabilis i-Educar 2.10 - Cross-Site Scripting via nome Parameter in public_uf_cad.php
CVSS 2.4
CVE-2025-8540
LOW
Portabilis i-Educar 2.10 - Cross-Site Scripting via nome Parameter in public_municipio_cad.php
CVSS 2.4
CVE-2025-8539
LOW
Portabilis i-Educar 2.10 - Cross-Site Scripting via nome Parameter in /intranet/public_distrito_cad.php
CVSS 2.4
CVE-2025-8538
LOW
Portabilis i-Educar 2.10 - Cross-Site Scripting via User Type Name/Description Parameter
CVSS 2.4
CVE-2025-8535
LOW
NanoVault < 1.2.1 - Cross-Site Scripting via xrb URL Handler
CVSS 3.5
CVE-2025-4604
MEDIUM
Liferay Digital Experience Platform 2024.Q1.1-2024.Q1.19 - Cross-Site Scripting via Captcha Bypass
CVSS 6.1
CVE-2025-4599
MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.13 - Unauthenticated XSS via Fragment Preview postMessage
CVSS 6.1
CVE-2025-50754
CRITICAL
Unisite CMS 5.0 - Stored Cross-Site Scripting in Report Functionality
CVSS 9.6
CVE-2025-8521
LOW
Vvveb < 1.0.6 - Cross-Site Scripting in Add Type Handler
CVSS 2.4
CVE-2025-51534
HIGH
OpenAtlas < 8.12.0 - Stored Cross-Site Scripting via Name Field
CVSS 8.1
CVE-2025-26065
HIGH
Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 - Stored Cross-Site Scripting via Wi-Fi Network Name
CVSS 7.3
CVE-2025-36605
MEDIUM
Dell Unity Operating Environment < 5.5.1.0 - Unauthenticated Cross-Site Scripting
CVSS 6.1
CVE-2025-8511
LOW
Portabilis i-Diario 1.5.0 - Stored Cross-Site Scripting in Observaes Descrio Parameter
CVSS 3.5
CVE-2025-8510
LOW
Portabilis i-Educar 2.10 - Cross-Site Scripting via ref_cod_aluno Parameter
CVSS 3.5
CVE-2025-8509
LOW
Portabilis i-Educar 2.9 - Stored Cross-Site Scripting via educar_servidor_cad.php matricula Parameter
CVSS 3.5
CVE-2025-8508
LOW
Portabilis i-Educar 2.9 - Stored Cross-Site Scripting via titulo_avaliacao and descricao Parameters
CVSS 3.5
CVE-2025-8507
LOW
Portabilis i-Educar 2.9 - Cross-Site Scripting via educar_funcao_lst.php nm_funcao/abreviatura Parameter
CVSS 3.5
CVE-2025-8506
LOW
wx-shop <de1b66331368695779cfc6e4d11a64caddf8716e - XSS
CVSS 3.5
CVE-2025-8501
LOW
Human Resource Integrated System 1.0 - Cross-Site Scripting via action.php content Parameter
CVSS 3.5
CVE-2025-52133
MEDIUM
Mocca Calendar < 2.15 - Stored Cross-Site Scripting via Calendar Import Title
CVSS 6.4
CVE-2025-52132
MEDIUM
Mocca Calendar < 2.15 - Cross-Site Scripting via Event Title
CVSS 6.4
CVE-2025-52131
MEDIUM
Mocca Calendar < 2.15 - Stored Cross-Site Scripting via Background or Text Color Field
CVSS 6.4
CVE-2025-7500
MEDIUM
Ocean Social Sharing < 2.2.1 - Authenticated Stored Cross-Site Scripting via Social Icon Titles
CVSS 6.4
CVE-2025-8400
MEDIUM
Image Gallery plugin - WordPress <1.0.0 - XSS
CVSS 6.1
CVE-2025-8399
MEDIUM
Mmm Unity Loader <= 1.0 - Authenticated Stored Cross-Site Scripting via Attributes Parameter
CVSS 6.4
Details
Vulnerabilities
45,142
Exploit Likelihood
High