CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,142 vulnerabilities with CWE-79
CVE-2025-8541 LOW
Portabilis i-Educar 2.10 - Cross-Site Scripting via nome Parameter in public_uf_cad.php
CVSS 2.4
CVE-2025-8540 LOW
Portabilis i-Educar 2.10 - Cross-Site Scripting via nome Parameter in public_municipio_cad.php
CVSS 2.4
CVE-2025-8539 LOW
Portabilis i-Educar 2.10 - Cross-Site Scripting via nome Parameter in /intranet/public_distrito_cad.php
CVSS 2.4
CVE-2025-8538 LOW
Portabilis i-Educar 2.10 - Cross-Site Scripting via User Type Name/Description Parameter
CVSS 2.4
CVE-2025-8535 LOW
NanoVault < 1.2.1 - Cross-Site Scripting via xrb URL Handler
CVSS 3.5
CVE-2025-4604 MEDIUM
Liferay Digital Experience Platform 2024.Q1.1-2024.Q1.19 - Cross-Site Scripting via Captcha Bypass
CVSS 6.1
CVE-2025-4599 MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.13 - Unauthenticated XSS via Fragment Preview postMessage
CVSS 6.1
CVE-2025-50754 CRITICAL
Unisite CMS 5.0 - Stored Cross-Site Scripting in Report Functionality
CVSS 9.6
CVE-2025-8521 LOW
Vvveb < 1.0.6 - Cross-Site Scripting in Add Type Handler
CVSS 2.4
CVE-2025-51534 HIGH
OpenAtlas < 8.12.0 - Stored Cross-Site Scripting via Name Field
CVSS 8.1
CVE-2025-26065 HIGH
Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 - Stored Cross-Site Scripting via Wi-Fi Network Name
CVSS 7.3
CVE-2025-36605 MEDIUM
Dell Unity Operating Environment < 5.5.1.0 - Unauthenticated Cross-Site Scripting
CVSS 6.1
CVE-2025-8511 LOW
Portabilis i-Diario 1.5.0 - Stored Cross-Site Scripting in Observaes Descrio Parameter
CVSS 3.5
CVE-2025-8510 LOW
Portabilis i-Educar 2.10 - Cross-Site Scripting via ref_cod_aluno Parameter
CVSS 3.5
CVE-2025-8509 LOW
Portabilis i-Educar 2.9 - Stored Cross-Site Scripting via educar_servidor_cad.php matricula Parameter
CVSS 3.5
CVE-2025-8508 LOW
Portabilis i-Educar 2.9 - Stored Cross-Site Scripting via titulo_avaliacao and descricao Parameters
CVSS 3.5
CVE-2025-8507 LOW
Portabilis i-Educar 2.9 - Cross-Site Scripting via educar_funcao_lst.php nm_funcao/abreviatura Parameter
CVSS 3.5
CVE-2025-8506 LOW
wx-shop <de1b66331368695779cfc6e4d11a64caddf8716e - XSS
CVSS 3.5
CVE-2025-8501 LOW
Human Resource Integrated System 1.0 - Cross-Site Scripting via action.php content Parameter
CVSS 3.5
CVE-2025-52133 MEDIUM
Mocca Calendar < 2.15 - Stored Cross-Site Scripting via Calendar Import Title
CVSS 6.4
CVE-2025-52132 MEDIUM
Mocca Calendar < 2.15 - Cross-Site Scripting via Event Title
CVSS 6.4
CVE-2025-52131 MEDIUM
Mocca Calendar < 2.15 - Stored Cross-Site Scripting via Background or Text Color Field
CVSS 6.4
CVE-2025-7500 MEDIUM
Ocean Social Sharing < 2.2.1 - Authenticated Stored Cross-Site Scripting via Social Icon Titles
CVSS 6.4
CVE-2025-8400 MEDIUM
Image Gallery plugin - WordPress <1.0.0 - XSS
CVSS 6.1
CVE-2025-8399 MEDIUM
Mmm Unity Loader <= 1.0 - Authenticated Stored Cross-Site Scripting via Attributes Parameter
CVSS 6.4
Details
Vulnerabilities 45,142
Exploit Likelihood High