CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,142 vulnerabilities with CWE-79
CVE-2025-54534 MEDIUM
JetBrains TeamCity < 2025.07 - Reflected Cross-Site Scripting on agentpushPreset Page
CVSS 4.8
CVE-2025-32731 MEDIUM
MedDream PACS Premium 7.3.5.860 - Reflected Cross-Site Scripting in radiationDoseReport.php
CVSS 6.1
CVE-2025-40730 MEDIUM
Chorus CMS - Stored Cross-Site Scripting via Search 'q' Parameter
CVE-2025-27802 MEDIUM
Optimizely Episerver CMS 11.x < 11.21.4 and 12.x < 12.22.1 - Authenticated Stored Cross-Site Scripting in RTE Properties
CVSS 4.8
CVE-2025-27801 MEDIUM
Optimizely Episerver CMS 11.x < 11.21.4 and 12.x < 12.22.1 - Authenticated Stored Cross-Site Scripting via SVG Upload
CVSS 4.8
CVE-2025-27800 MEDIUM
Optimizely Episerver CMS 11.x < 11.21.4 and 12.x < 12.22.1 - Authenticated Stored Cross-Site Scripting via Notes Gadget
CVSS 4.8
CVE-2025-8222 LOW
jerryshensjf JPACookieShop - Stored Cross-Site Scripting in GoodsController.java
CVSS 3.5
CVE-2025-8221 MEDIUM
jerryshensjf JPACookieShop - Cross-Site Scripting via GoodsCustController.java goodsSearch Function
CVSS 4.3
CVE-2025-54597 HIGH
LinuxServer.io Heimdall < 2.7.3 - Cross-Site Scripting via q Parameter
CVSS 7.2
CVE-2025-8211 LOW
Roothub < 2.6.0 - Cross-Site Scripting in SystemConfigAdminController Edit Function
CVSS 3.5
CVE-2025-8206 LOW
Comodo Dragon < 134.0.6998.179 - Cross-Site Scripting in IP DNS Leakage Detector
CVSS 3.1
CVE-2025-8191 LOW
macrozheng mall < 1.0.3 - Cross-Site Scripting via Swagger UI configUrl Parameter
CVSS 3.5
CVE-2025-5529 MEDIUM
Educenter <= 1.6.2 - Authenticated Stored Cross-Site Scripting via Circle Counter Block
CVSS 6.4
CVE-2025-7501 MEDIUM
Wonder Slider < 14.4 - Authenticated Stored Cross-Site Scripting via Image Title and Description
CVSS 6.4
CVE-2025-6987 MEDIUM
Advanced iFrame plugin < 2025.5 - XSS
CVSS 6.4
CVE-2025-8167 LOW
Church Donation System 1.0 - Cross-Site Scripting via fname Parameter in Edit Members
CVSS 3.5
CVE-2025-46198 HIGH
Grav 1.7.46-1.7.48 - Cross-Site Scripting via IMG onerror Attribute
CVSS 8.8
CVE-2025-46199 CRITICAL
Grav < 1.7.48 - Cross-Site Scripting via Form Fields
CVSS 9.8
CVE-2025-45960 MEDIUM
tawk.to < 1.6.1 - Stored Cross-Site Scripting via User-Supplied Input
CVSS 6.1
CVE-2025-45893 MEDIUM
OpenCart < 4.1.0.4 - Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2025-45892 MEDIUM
OpenCart < 4.1.0.4 - Stored Cross-Site Scripting via Blog Editor
CVSS 6.1
CVE-2025-45406 MEDIUM
CodeIgniter4 v4.6.0 - Stored Cross-Site Scripting via Debugbar Time Parameter
CVSS 6.1
CVE-2025-52360 HIGH
Koha Library Management System < 24.05 - XSS
CVSS 8.8
CVE-2025-51411 MEDIUM
Institute-of-Current-Students v1.0 - XSS
CVSS 6.1
CVE-2025-8155 LOW
D-Link DCS-6010L 1.15.03 - Cross-Site Scripting via paratest Parameter in Management Application
CVSS 3.5