CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,143 vulnerabilities with CWE-79
CVE-2025-32019
MEDIUM
Harbor < 2.11.3, 2.12.0-rc1-2.12.3, 2.13.0-rc1 - Stored Cross-Site Scripting in Info Tab Markdown Field
CVSS 4.1
CVE-2025-4700
HIGH
GitLab 15.10-18.0.4, 18.1-18.1.2, 18.2-18.2.0 - Cross-Site Scripting
CVSS 8.7
CVE-2025-4439
HIGH
GitLab 15.10-17.12, 18.0-18.0.4, 18.1-18.1.2, 18.2-18.2.0 - Authenticated Cross-Site Scripting via CDN-Served Instance
CVSS 7.7
CVE-2025-50481
MEDIUM
Mezzanine CMS 6.1.0 - Stored Cross-Site Scripting via Blog Post Injection
CVSS 4.8
CVE-2025-40598
MEDIUM
SonicWall SMA 500v, SMA 210, SMA 410 < 10.2.2.1-90sv - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-4411
MEDIUM
Dataprom Informatics PACS-ACSS <16.05.2025 - XSS
CVSS 6.5
CVE-2025-54297
HIGH
CComment component for Joomla 5.0.0-6.1.14 - Stored Cross-Site Scripting
CVE-2025-54296
HIGH
ProFiles component for Joomla 1.0-1.5.0 - Stored Cross-Site Scripting
CVE-2025-54295
MEDIUM
DJ-Reviews component for Joomla 1.0-1.3.6 - Reflected Cross-Site Scripting
CVE-2025-27930
MEDIUM
ManageEngine Applications Manager <= 176600 - Stored Cross-Site Scripting in File/Directory Monitor
CVSS 6.4
CVE-2025-6261
MEDIUM
Fleetwire Fleet Management <1.0.19 - XSS
CVSS 6.4
CVE-2025-5753
MEDIUM
WordPress Valuation Calculator <1.3.2 - XSS
CVSS 6.4
CVE-2025-43488
MEDIUM
Poly Clariti Manager <10.12.2 - Auth Bypass
CVSS 4.8
CVE-2025-43486
MEDIUM
Poly Clariti Manager <10.12.1 - XSS
CVSS 4.8
CVE-2025-43484
MEDIUM
Poly Clariti Manager <10.12.1 - XSS
CVSS 6.1
CVE-2025-54141
HIGH
ViewVC 1.1.0-1.1.31 and 1.2.0-1.2.3 - Path Traversal via Standalone Script
CVSS 7.5
CVE-2025-41425
HIGH
DuraComm SPM-500 DP-10iN-100-MU < Version 4.10 - Cross-Site Scripting
CVSS 8.1
CVE-2025-51462
MEDIUM
RAGFlow 0.17.2 - Stored Cross-Site Scripting in Assistant Greeting Field
CVSS 6.1
CVE-2025-51464
HIGH
aimstack aim 3.28.0 - Stored Cross-Site Scripting via /api/reports Endpoint
CVSS 8.8
CVE-2025-8015
MEDIUM
Shortcodes Ultimate <= 7.4.2 - Authenticated Stored XSS via Image Title and Slide Link
CVSS 6.4
CVE-2025-51864
MEDIUM
AIBOX LLM chat - Reflected Cross-Site Scripting
CVSS 6.5
CVE-2025-51863
MEDIUM
ChatGPT Unli thru 2025-05-26 - Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2025-51862
MEDIUM
TelegAI <2025-05-26 - Info Disclosure
CVSS 6.1
CVE-2025-51860
MEDIUM
TelegAI - Stored Cross-Site Scripting via AI Character SVG Payloads
CVSS 6.1
CVE-2025-51859
MEDIUM
Chaindesk thru 2025-05-26 - Stored Cross-Site Scripting via AI Agent System Prompt
CVSS 6.5
Details
Vulnerabilities: 45,143
Exploit Likelihood: High