CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,142 vulnerabilities with CWE-79
CVE-2025-50848 MEDIUM
CS-Cart 4.18.3 - Unrestricted HTML File Upload and Cross-Site Scripting
CVSS 6.1
CVE-2025-51569 MEDIUM
LB-Link BL-CPE300M 01.01.02P42U14_06 - XSS
CVSS 6.1
CVE-2025-50270 MEDIUM
AnQiCMS 3.4.11 - Stored Cross-Site Scripting via Title, CategoryTitle, and TmpTag Parameters
CVSS 6.1
CVE-2025-54589 MEDIUM
copyparty < 1.18.7 - Reflected Cross-Site Scripting via Recent Uploads Filter Parameter
CVSS 6.3
CVE-2025-8380 LOW
Campcodes Online Hotel Reservation System 1.0 - Cross-Site Scripting via Name Parameter in add_query_account.php
CVSS 3.5
CVE-2025-40980 MEDIUM
UltimatePOS >=6.4 - Stored Cross-Site Scripting via Product Name Parameter
CVE-2025-24854 MEDIUM
Apache JSPWiki < 2.12.3 - Cross-Site Scripting via Image Plugin
CVSS 6.1
CVE-2025-24853 HIGH
Apache JSPWiki < 2.12.3 - Stored Cross-Site Scripting via Wiki Markup Header Link
CVSS 7.5
CVE-2025-7205 MEDIUM
GiveWP <= 4.5.0 - Authenticated Stored XSS via Donor Notes
CVSS 5.4
CVE-2025-41391 MEDIUM
PowerCMS 4.0-4.60 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-36563 MEDIUM
PowerCMS 4.0-4.60 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-8370 MEDIUM
Portabilis i-Educar 2.9 - Cross-Site Scripting via educar_escolaridade_lst.php descricao Parameter
CVSS 4.3
CVE-2025-8369 MEDIUM
Portabilis i-Educar 2.9 - Cross-Site Scripting via titulo_avaliacao Parameter
CVSS 4.3
CVE-2025-8368 MEDIUM
Portabilis i-Educar 2.9 - Cross-Site Scripting via campo_busca/cpf Parameters
CVSS 4.3
CVE-2025-8367 MEDIUM
Portabilis i-Educar 2.9 - Cross-Site Scripting via nome Parameter in funcionario_vinculo_lst.php
CVSS 4.3
CVE-2025-8366 MEDIUM
Portabilis i-Educar 2.9 - Cross-Site Scripting via educar_servidor_lst.php nome/matricula_servidor Parameters
CVSS 4.3
CVE-2025-5720 MEDIUM
Customer Reviews for WooCommerce <5.80.2 - XSS
CVSS 6.4
CVE-2025-8365 LOW
Portabilis i-Educar 2.10 - Stored Cross-Site Scripting via atendidos_cad.php nome/nome_social/email Parameters
CVSS 3.5
CVE-2025-8346 MEDIUM
Portabilis i-Educar 2.10 - Cross-Site Scripting via ref_cod_matricula Parameter
CVSS 4.3
CVE-2025-8340 MEDIUM
Intern Membership Management System 1.0 - Cross-Site Scripting via Email Parameter in Error Message Handler
CVSS 4.3
CVE-2025-8337 LOW
Simple Car Rental System 1.0 - Cross-Site Scripting via car_name Parameter
CVSS 2.4
CVE-2025-52187 HIGH
GetProjectsIdea Create School Management System 1.0 - Stored Cross-Site Scripting in my_profile_update_form1.php
CVSS 8.2
CVE-2025-51954 MEDIUM
ai_playground < 1.1.9 - Cross-Site Scripting
CVSS 6.1
CVE-2025-51951 MEDIUM
andisearch < 0.5.249 - Cross-Site Scripting
CVSS 6.1
CVE-2025-47001 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4