CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,143 vulnerabilities with CWE-79
CVE-2025-51858 MEDIUM
ChatPlayground.ai <2025-05-24 - XSS
CVSS 6.1
CVE-2025-4294 MEDIUM
HotelRunner B2B < 04.06.2025 - Cross-Site Scripting
CVSS 4.8
CVE-2025-34141 MEDIUM
ETQ Reliance CG (legacy) < SE.2025.1 - Reflected Cross-Site Scripting in SQLConverterServlet
CVE-2025-4284 MEDIUM
Rolantis Information Technologies Agentis <4.32 - XSS
CVSS 6.1
CVE-2025-7644 MEDIUM
Pixel Gallery Addons - WordPress <1.6.7 - XSS
CVSS 6.4
CVE-2025-7495 MEDIUM
WP-Members Membership Plugin <3.5.4.1 - XSS
CVSS 6.4
CVE-2025-7951 LOW
code-projects Public Chat Room 1.0 - XSS
CVSS 3.5
CVE-2025-6831 MEDIUM
WordPress User Registration 0-4.2.4 - XSS
CVSS 6.4
CVE-2025-5240 MEDIUM
CRM and Lead Management by vcita <= 2.7.5 - Authenticated Stored Cross-Site Scripting via Type Parameter
CVSS 6.4
CVE-2025-7946 MEDIUM
PHPGurukul Apartment Visitors Management System 1.0 - XSS
CVSS 4.3
CVE-2025-7944 MEDIUM
PHPGurukul Taxi Stand Management System 1.0 - XSS
CVSS 4.3
CVE-2025-7943 MEDIUM
PHPGurukul Taxi Stand Management System 1.0 - XSS
CVSS 4.3
CVE-2025-7486 MEDIUM
Ebook Store <= 5.8012 - Authenticated Stored Cross-Site Scripting via Order Details
CVSS 4.4
CVE-2025-7942 LOW
PHPGurukul Taxi Stand Management System 1.0 - XSS
CVSS 3.5
CVE-2025-7941 LOW
PHPGurukul Time Table Generator System 1.0 - XSS
CVSS 3.5
CVE-2025-54128 MEDIUM
haxcms-nodejs < 11.0.8 - Cross-Site Scripting via Disabled Content Security Policy
CVSS 6.1
CVE-2025-53528 HIGH
Cadwyn < 5.4.3 - Reflected Cross-Site Scripting via Docs Endpoint Version Parameter
CVSS 7.6
CVE-2025-51403 MEDIUM
Live Helper Chat < 4.61 - Stored Cross-Site Scripting via Department Alias Nick Parameter
CVSS 6.5
CVE-2025-51401 MEDIUM
live_helper_chat < 4.61 - Stored Cross-Site Scripting via Operator Name Parameter
CVSS 5.4
CVE-2025-51400 MEDIUM
live_helper_chat < 4.61 - Stored Cross-Site Scripting in Personal Canned Messages
CVSS 5.4
CVE-2025-51398 MEDIUM
livehelperchat < 4.61 - Stored Cross-Site Scripting via Facebook Registration Name Parameter
CVSS 5.4
CVE-2025-51396 MEDIUM
Live Helper Chat < 4.61 - Stored Cross-Site Scripting via Telegram Bot Username Parameter
CVSS 5.4
CVE-2025-7716 MEDIUM
Real-time SEO for Drupal 8.x-2.0-8.x-2.1 - Cross-Site Scripting
CVSS 6.1
CVE-2025-7715 MEDIUM
Drupal Block Attributes <2.0.1 - XSS
CVSS 6.1
CVE-2025-7392 MEDIUM
Drupal Cookies Addons 1.0.0-1.2.3 - Cross-Site Scripting
CVSS 6.1