CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,142 vulnerabilities with CWE-79
CVE-2025-54534
MEDIUM
JetBrains TeamCity < 2025.07 - Reflected Cross-Site Scripting on agentpushPreset Page
CVSS 4.8
CVE-2025-32731
MEDIUM
MedDream PACS Premium 7.3.5.860 - Reflected Cross-Site Scripting in radiationDoseReport.php
CVSS 6.1
CVE-2025-40730
MEDIUM
Chorus CMS - Stored Cross-Site Scripting via Search 'q' Parameter
CVE-2025-27802
MEDIUM
Optimizely Episerver CMS 11.x < 11.21.4 and 12.x < 12.22.1 - Authenticated Stored Cross-Site Scripting in RTE Properties
CVSS 4.8
CVE-2025-27801
MEDIUM
Optimizely Episerver CMS 11.x < 11.21.4 and 12.x < 12.22.1 - Authenticated Stored Cross-Site Scripting via SVG Upload
CVSS 4.8
CVE-2025-27800
MEDIUM
Optimizely Episerver CMS 11.x < 11.21.4 and 12.x < 12.22.1 - Authenticated Stored Cross-Site Scripting via Notes Gadget
CVSS 4.8
CVE-2025-8222
LOW
jerryshensjf JPACookieShop - Stored Cross-Site Scripting in GoodsController.java
CVSS 3.5
CVE-2025-8221
MEDIUM
jerryshensjf JPACookieShop - Cross-Site Scripting via GoodsCustController.java goodsSearch Function
CVSS 4.3
CVE-2025-54597
HIGH
LinuxServer.io Heimdall < 2.7.3 - Cross-Site Scripting via q Parameter
CVSS 7.2
CVE-2025-8211
LOW
Roothub < 2.6.0 - Cross-Site Scripting in SystemConfigAdminController Edit Function
CVSS 3.5
CVE-2025-8206
LOW
Comodo Dragon < 134.0.6998.179 - Cross-Site Scripting in IP DNS Leakage Detector
CVSS 3.1
CVE-2025-8191
LOW
macrozheng mall < 1.0.3 - Cross-Site Scripting via Swagger UI configUrl Parameter
CVSS 3.5
CVE-2025-5529
MEDIUM
Educenter <= 1.6.2 - Authenticated Stored Cross-Site Scripting via Circle Counter Block
CVSS 6.4
CVE-2025-7501
MEDIUM
Wonder Slider < 14.4 - Authenticated Stored Cross-Site Scripting via Image Title and Description
CVSS 6.4
CVE-2025-6987
MEDIUM
Advanced iFrame plugin < 2025.5 - XSS
CVSS 6.4
CVE-2025-8167
LOW
Church Donation System 1.0 - Cross-Site Scripting via fname Parameter in Edit Members
CVSS 3.5
CVE-2025-46198
HIGH
Grav 1.7.46-1.7.48 - Cross-Site Scripting via IMG onerror Attribute
CVSS 8.8
CVE-2025-46199
CRITICAL
Grav < 1.7.48 - Cross-Site Scripting via Form Fields
CVSS 9.8
CVE-2025-45960
MEDIUM
tawk.to < 1.6.1 - Stored Cross-Site Scripting via User-Supplied Input
CVSS 6.1
CVE-2025-45893
MEDIUM
OpenCart < 4.1.0.4 - Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2025-45892
MEDIUM
OpenCart < 4.1.0.4 - Stored Cross-Site Scripting via Blog Editor
CVSS 6.1
CVE-2025-45406
MEDIUM
CodeIgniter4 v4.6.0 - Stored Cross-Site Scripting via Debugbar Time Parameter
CVSS 6.1
CVE-2025-52360
HIGH
Koha Library Management System < 24.05 - XSS
CVSS 8.8
CVE-2025-51411
MEDIUM
Institute-of-Current-Students v1.0 - XSS
CVSS 6.1
CVE-2025-8155
LOW
D-Link DCS-6010L 1.15.03 - Cross-Site Scripting via paratest Parameter in Management Application
CVSS 3.5