CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,143 vulnerabilities with CWE-79
CVE-2025-50126 MEDIUM
RSBlog! component for Joomla 1.11.6-1.14.5 - Authenticated Stored Cross-Site Scripting via jform[tags_text] Parameter
CVE-2025-50058 MEDIUM
RSDirectory! component for Joomla 1.0.0-2.2.8 - Authenticated Stored Cross-Site Scripting via Review Reply Component
CVE-2025-50056 MEDIUM
RSMail! component for Joomla 1.19.20-1.22.28 - Reflected Cross-Site Scripting via Crafted Parameter
CVE-2025-49486 HIGH
Balbooa Gallery component for Joomla 1.0.0-2.4.0 - Stored Cross-Site Scripting
CVE-2025-6023 HIGH
Grafana OSS <12.0.2 - Open Redirect
CVSS 7.6
CVE-2025-6719 MEDIUM
Terms descriptions plugin for WordPress <3.4.8 - XSS
CVSS 4.4
CVE-2025-5800 MEDIUM
Testimonial Post type plugin <1.2.1 - XSS
CVSS 6.4
CVE-2025-5767 MEDIUM
Crowdfunding for WooCommerce <3.1.14 - XSS
CVSS 6.4
CVE-2025-5754 MEDIUM
Useful Tab Block - WordPress <1.3.2 - XSS
CVSS 6.4
CVE-2025-5752 MEDIUM
WordPress Vertical Scroll Image Slideshow Gallery <11.1 - XSS
CVSS 6.4
CVE-2025-7660 MEDIUM
Map My Locations <= 1.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-7648 MEDIUM
Ruven Themes: Shortcodes <1.0 - XSS
CVSS 6.4
CVE-2025-7431 MEDIUM
WordPress Knowledge Base <2.3.1 - XSS
CVSS 4.4
CVE-2025-7767 LOW
PHPGurukul Art Gallery Management System 1.1 - XSS
CVSS 3.5
CVE-2025-6185 CRITICAL
Leviton AcquiSuite and Energy Monitoring Hub - Cross-Site Scripting via URL Parameter
CVSS 9.3
CVE-2025-6248 HIGH
Lenovo Browser - Cross-Site Scripting
CVSS 7.4
CVE-2025-46102 MEDIUM
Beakon Learning Management System Sha... - XSS
CVSS 5.4
CVE-2025-7748 LOW
ZCMS 3.6.0 - Cross-Site Scripting via Create Article Page Title Argument
CVSS 3.5
CVE-2025-47189 MEDIUM
Netwrix Directory Manager <11.1.25162.02 - XSS
CVSS 6.1
CVE-2025-53941 MEDIUM
Hollo < 0.6.5 - HTML Injection via Form Element Submission
CVSS 6.1
CVE-2025-7729 LOW
Scada-LTS < 2.7.8.1 - Cross-Site Scripting via Username Parameter in usersProfiles.shtm
CVSS 3.5
CVE-2025-7728 LOW
Scada-LTS < 2.7.8.1 - Cross-Site Scripting via Username Parameter in users.shtm
CVSS 3.5
CVE-2025-53904 LOW
the-scratch-channel.github.io - Cross-Site Scripting in admin.js
CVE-2025-53936 MEDIUM
WeGIA < 3.4.5 - Reflected Cross-Site Scripting via personalizacao_selecao.php nome_car Parameter
CVSS 6.1
CVE-2025-53935 MEDIUM
WeGIA < 3.4.5 - Reflected Cross-Site Scripting via personalizacao_selecao.php id Parameter
CVSS 6.1
Details
Vulnerabilities 45,143
Exploit Likelihood High