CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,142 vulnerabilities with CWE-79
CVE-2025-50848
MEDIUM
CS-Cart 4.18.3 - Unrestricted HTML File Upload and Cross-Site Scripting
CVSS 6.1
CVE-2025-51569
MEDIUM
LB-Link BL-CPE300M 01.01.02P42U14_06 - XSS
CVSS 6.1
CVE-2025-50270
MEDIUM
AnQiCMS 3.4.11 - Stored Cross-Site Scripting via Title, CategoryTitle, and TmpTag Parameters
CVSS 6.1
CVE-2025-54589
MEDIUM
copyparty < 1.18.7 - Reflected Cross-Site Scripting via Recent Uploads Filter Parameter
CVSS 6.3
CVE-2025-8380
LOW
Campcodes Online Hotel Reservation System 1.0 - Cross-Site Scripting via Name Parameter in add_query_account.php
CVSS 3.5
CVE-2025-40980
MEDIUM
UltimatePOS >=6.4 - Stored Cross-Site Scripting via Product Name Parameter
CVE-2025-24854
MEDIUM
Apache JSPWiki < 2.12.3 - Cross-Site Scripting via Image Plugin
CVSS 6.1
CVE-2025-24853
HIGH
Apache JSPWiki < 2.12.3 - Stored Cross-Site Scripting via Wiki Markup Header Link
CVSS 7.5
CVE-2025-7205
MEDIUM
GiveWP <= 4.5.0 - Authenticated Stored XSS via Donor Notes
CVSS 5.4
CVE-2025-41391
MEDIUM
PowerCMS 4.0-4.60 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-36563
MEDIUM
PowerCMS 4.0-4.60 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-8370
MEDIUM
Portabilis i-Educar 2.9 - Cross-Site Scripting via educar_escolaridade_lst.php descricao Parameter
CVSS 4.3
CVE-2025-8369
MEDIUM
Portabilis i-Educar 2.9 - Cross-Site Scripting via titulo_avaliacao Parameter
CVSS 4.3
CVE-2025-8368
MEDIUM
Portabilis i-Educar 2.9 - Cross-Site Scripting via campo_busca/cpf Parameters
CVSS 4.3
CVE-2025-8367
MEDIUM
Portabilis i-Educar 2.9 - Cross-Site Scripting via nome Parameter in funcionario_vinculo_lst.php
CVSS 4.3
CVE-2025-8366
MEDIUM
Portabilis i-Educar 2.9 - Cross-Site Scripting via educar_servidor_lst.php nome/matricula_servidor Parameters
CVSS 4.3
CVE-2025-5720
MEDIUM
Customer Reviews for WooCommerce <5.80.2 - XSS
CVSS 6.4
CVE-2025-8365
LOW
Portabilis i-Educar 2.10 - Stored Cross-Site Scripting via atendidos_cad.php nome/nome_social/email Parameters
CVSS 3.5
CVE-2025-8346
MEDIUM
Portabilis i-Educar 2.10 - Cross-Site Scripting via ref_cod_matricula Parameter
CVSS 4.3
CVE-2025-8340
MEDIUM
Intern Membership Management System 1.0 - Cross-Site Scripting via Email Parameter in Error Message Handler
CVSS 4.3
CVE-2025-8337
LOW
Simple Car Rental System 1.0 - Cross-Site Scripting via car_name Parameter
CVSS 2.4
CVE-2025-52187
HIGH
GetProjectsIdea Create School Management System 1.0 - Stored Cross-Site Scripting in my_profile_update_form1.php
CVSS 8.2
CVE-2025-51954
MEDIUM
ai_playground < 1.1.9 - Cross-Site Scripting
CVSS 6.1
CVE-2025-51951
MEDIUM
andisearch < 0.5.249 - Cross-Site Scripting
CVSS 6.1
CVE-2025-47001
MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
Details
Vulnerabilities
45,142
Exploit Likelihood
High