CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,143 vulnerabilities with CWE-79
CVE-2025-7926 LOW
PHPGurukul Online Banquet Booking System 1.0 - XSS
CVSS 3.5
CVE-2025-6235 MEDIUM
ExtremeControl < 25.5.12 - Cross-Site Scripting in Login Interface
CVSS 6.1
CVE-2025-7925 MEDIUM
PHPGurukul Online Banquet Booking System 1.0 - XSS
CVSS 4.3
CVE-2025-7924 LOW
PHPGurukul Online Banquet Booking System 1.0 - XSS
CVSS 3.5
CVE-2025-41681 MEDIUM
mbnet.mini_firmware < 2.3.3 - Stored Cross-Site Scripting via POST Request
CVSS 4.8
CVE-2025-7354 MEDIUM
WP Shortcodes Plugin - Shortcodes Ultimate <= 7.4.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-4685 MEDIUM
Gutentor - Gutenberg Blocks <= 3.4.8 - Authenticated Stored XSS via Widget HTML Data Attributes
CVSS 6.4
CVE-2025-7920 MEDIUM
WinMatrix3 Web package < 1.2.39.5 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-54316 MEDIUM
Logpoint < 7.6.0 - Stored Cross-Site Scripting via Report Template Jinja Filter Chaining
CVSS 4.9
CVE-2025-7902 LOW
RuoYi < 4.8.1 - Cross-Site Scripting in SysNoticeController addSave Function
CVSS 3.5
CVE-2025-7901 MEDIUM
RuoYi < 4.8.1 - Cross-Site Scripting via Swagger UI configUrl Parameter
CVSS 4.3
CVE-2025-46383 MEDIUM
Emby Windows 4.8 - Cross-Site Scripting
CVSS 6.1
CVE-2025-7887 MEDIUM
wikidocs < 1.0.78 - Cross-Site Scripting via path Argument in template.inc.php
CVSS 4.3
CVE-2025-7885 MEDIUM
Huashengdun WebSSH < 1.6.2 - Cross-Site Scripting via Login Page Hostname/Port Parameter
CVSS 4.3
CVE-2025-7872 LOW
Portabilis i-Diario 1.5.0 - Cross-Site Scripting via Justificativa Parameter
CVSS 3.5
CVE-2025-7871 LOW
Portabilis i-Diario 1.5.0 - Cross-Site Scripting via filter[by_description] Parameter
CVSS 3.5
CVE-2025-7870 LOW
Portabilis i-Diario 1.5.0 - Cross-Site Scripting via Anexo Parameter in justificativas-de-falta Endpoint
CVSS 3.5
CVE-2025-7869 LOW
Portabilis i-Educar 2.9.0 - Cross-Site Scripting via Turma Module nm_tipo Parameter
CVSS 3.5
CVE-2025-7868 LOW
Portabilis i-Educar < 2.10.0 - Cross-Site Scripting via Calendar Module Motivo Parameter
CVSS 3.5
CVE-2025-7867 LOW
Portabilis i-Educar 2.9.0/2.10.0 - XSS
CVSS 3.5
CVE-2025-7866 LOW
Portabilis i-Educar 2.9.0 - Cross-Site Scripting via Disabilities Module
CVSS 3.5
CVE-2025-7865 LOW
JeeSite < 5.12.0 - Cross-Site Scripting in XSS Filter
CVSS 3.5
CVE-2025-7858 LOW
PHPGurukul Apartment Visitors Management System 1.0 - XSS
CVSS 3.5
CVE-2025-7857 LOW
PHPGurukul Apartment Visitors Management System 1.0 - XSS
CVSS 3.5
CVE-2025-7856 LOW
PHPGurukul Apartment Visitors Management System 1.0 - XSS
CVSS 3.5
Details
Vulnerabilities 45,143
Exploit Likelihood High