CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,143 vulnerabilities with CWE-79
CVE-2025-32019 MEDIUM
Harbor < 2.11.3, 2.12.0-rc1-2.12.3, 2.13.0-rc1 - Stored Cross-Site Scripting in Info Tab Markdown Field
CVSS 4.1
CVE-2025-4700 HIGH
GitLab 15.10-18.0.4, 18.1-18.1.2, 18.2-18.2.0 - Cross-Site Scripting
CVSS 8.7
CVE-2025-4439 HIGH
GitLab 15.10-17.12, 18.0-18.0.4, 18.1-18.1.2, 18.2-18.2.0 - Authenticated Cross-Site Scripting via CDN-Served Instance
CVSS 7.7
CVE-2025-50481 MEDIUM
Mezzanine CMS 6.1.0 - Stored Cross-Site Scripting via Blog Post Injection
CVSS 4.8
CVE-2025-40598 MEDIUM
SonicWall SMA 500v, SMA 210, SMA 410 < 10.2.2.1-90sv - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-4411 MEDIUM
Dataprom Informatics PACS-ACSS <16.05.2025 - XSS
CVSS 6.5
CVE-2025-54297 HIGH
CComment component for Joomla 5.0.0-6.1.14 - Stored Cross-Site Scripting
CVE-2025-54296 HIGH
ProFiles component for Joomla 1.0-1.5.0 - Stored Cross-Site Scripting
CVE-2025-54295 MEDIUM
DJ-Reviews component for Joomla 1.0-1.3.6 - Reflected Cross-Site Scripting
CVE-2025-27930 MEDIUM
ManageEngine Applications Manager <= 176600 - Stored Cross-Site Scripting in File/Directory Monitor
CVSS 6.4
CVE-2025-6261 MEDIUM
Fleetwire Fleet Management <1.0.19 - XSS
CVSS 6.4
CVE-2025-5753 MEDIUM
WordPress Valuation Calculator <1.3.2 - XSS
CVSS 6.4
CVE-2025-43488 MEDIUM
Poly Clariti Manager <10.12.2 - Auth Bypass
CVSS 4.8
CVE-2025-43486 MEDIUM
Poly Clariti Manager <10.12.1 - XSS
CVSS 4.8
CVE-2025-43484 MEDIUM
Poly Clariti Manager <10.12.1 - XSS
CVSS 6.1
CVE-2025-54141 HIGH
ViewVC 1.1.0-1.1.31 and 1.2.0-1.2.3 - Path Traversal via Standalone Script
CVSS 7.5
CVE-2025-41425 HIGH
DuraComm SPM-500 DP-10iN-100-MU < Version 4.10 - Cross-Site Scripting
CVSS 8.1
CVE-2025-51462 MEDIUM
RAGFlow 0.17.2 - Stored Cross-Site Scripting in Assistant Greeting Field
CVSS 6.1
CVE-2025-51464 HIGH
aimstack aim 3.28.0 - Stored Cross-Site Scripting via /api/reports Endpoint
CVSS 8.8
CVE-2025-8015 MEDIUM
Shortcodes Ultimate <= 7.4.2 - Authenticated Stored XSS via Image Title and Slide Link
CVSS 6.4
CVE-2025-51864 MEDIUM
AIBOX LLM chat - Reflected Cross-Site Scripting
CVSS 6.5
CVE-2025-51863 MEDIUM
ChatGPT Unli thru 2025-05-26 - Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2025-51862 MEDIUM
TelegAI <2025-05-26 - Info Disclosure
CVSS 6.1
CVE-2025-51860 MEDIUM
TelegAI - Stored Cross-Site Scripting via AI Character SVG Payloads
CVSS 6.1
CVE-2025-51859 MEDIUM
Chaindesk thru 2025-05-26 - Stored Cross-Site Scripting via AI Agent System Prompt
CVSS 6.5