CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,143 vulnerabilities with CWE-79
CVE-2025-7840 LOW
Campcodes Online Movie Theater Seat Reservation System 1.0 - XSS
CVSS 3.5
CVE-2025-7819 LOW
PHPGurukul Apartment Visitors Management System 1.0 - XSS
CVSS 2.4
CVE-2025-7818 LOW
PHPGurukul Apartment Visitors Management System 1.0 - XSS
CVSS 3.5
CVE-2025-7817 LOW
PHPGurukul Apartment Visitors Management System 1.0 - XSS
CVSS 3.5
CVE-2025-7816 LOW
PHPGurukul Apartment Visitors Management System 1.0 - XSS
CVSS 3.5
CVE-2025-7815 LOW
PHPGurukul Apartment Visitors Management System 1.0 - XSS
CVSS 2.4
CVE-2025-6997 MEDIUM
ThemeREX Addons <= 2.35.1.1 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2025-7661 MEDIUM
WordPress Partnerský systém Martinus <1.7.1 - XSS
CVSS 6.4
CVE-2025-7658 MEDIUM
Temporarily Hidden Content <1.0.6 - XSS
CVSS 6.4
CVE-2025-7655 MEDIUM
Live Stream Badger <= 1.4.3 - Authenticated Stored Cross-Site Scripting via livestream Shortcode
CVSS 6.4
CVE-2025-7653 MEDIUM
EPay.bg Payments <= 0.1 - Authenticated Stored Cross-Site Scripting via 'epay' Shortcode
CVSS 6.4
CVE-2025-50583 MEDIUM
StudentManage 1.0 - Cross-Site Scripting via Add A New Student Module
CVSS 4.8
CVE-2025-50582 MEDIUM
StudentManage v1.0 - Cross-Site Scripting via Add A New Course Module
CVSS 4.8
CVE-2025-50581 MEDIUM
MRCMS v3.1.2 - Cross-Site Scripting via /admin/group/save.do
CVSS 4.8
CVE-2025-7803 LOW
descreekert wx-discuz <12bd4745c63ec203cb32119bf77ead4a923bf277 - XSS
CVSS 3.5
CVE-2025-50584 MEDIUM
StudentManage v1.0 - Stored Cross-Site Scripting via Add A New Teacher Module
CVSS 4.8
CVE-2025-7802 LOW
PHPGurukul Complaint Management System 2.0 - XSS
CVSS 3.5
CVE-2025-7800 LOW
cgpandey hotelmis < c572198e6c4780fccc63b1d3e8f3f72f825fc94e - XSS
CVSS 3.5
CVE-2025-52169 HIGH
Agorum core open <11.9.2-11.10.1 - XSS
CVSS 7.1
CVE-2025-7791 LOW
PHPGurukul Online Security Guards Hiring System 1.0 - XSS
CVSS 3.5
CVE-2025-54078 MEDIUM
WeGIA < 3.4.6 - Reflected Cross-Site Scripting via personalizacao_imagem.php err Parameter
CVSS 6.5
CVE-2025-54077 MEDIUM
WeGIA < 3.4.6 - Reflected Cross-Site Scripting via personalizacao.php err Parameter
CVSS 6.5
CVE-2025-54076 MEDIUM
WeGIA < 3.4.6 - Reflected Cross-Site Scripting via pre_cadastro_atendido.php msg_e Parameter
CVSS 6.5
CVE-2025-54075 HIGH
MDC < 0.17.2 - Stored Cross-Site Scripting via Base Tag Injection
CVSS 8.3
CVE-2025-7786 LOW
Gnuboard g6 < 6.0.10 - Cross-Site Scripting in Post Reply Handler
CVSS 3.5
Details
Vulnerabilities 45,143
Exploit Likelihood High