CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,143 vulnerabilities with CWE-79
CVE-2025-50126
MEDIUM
RSBlog! component for Joomla 1.11.6-1.14.5 - Authenticated Stored Cross-Site Scripting via jform[tags_text] Parameter
CVE-2025-50058
MEDIUM
RSDirectory! component for Joomla 1.0.0-2.2.8 - Authenticated Stored Cross-Site Scripting via Review Reply Component
CVE-2025-50056
MEDIUM
RSMail! component for Joomla 1.19.20-1.22.28 - Reflected Cross-Site Scripting via Crafted Parameter
CVE-2025-49486
HIGH
Balbooa Gallery component for Joomla 1.0.0-2.4.0 - Stored Cross-Site Scripting
CVE-2025-6023
HIGH
Grafana OSS <12.0.2 - Open Redirect
CVSS 7.6
CVE-2025-6719
MEDIUM
Terms descriptions plugin for WordPress <3.4.8 - XSS
CVSS 4.4
CVE-2025-5800
MEDIUM
Testimonial Post type plugin <1.2.1 - XSS
CVSS 6.4
CVE-2025-5767
MEDIUM
Crowdfunding for WooCommerce <3.1.14 - XSS
CVSS 6.4
CVE-2025-5754
MEDIUM
Useful Tab Block - WordPress <1.3.2 - XSS
CVSS 6.4
CVE-2025-5752
MEDIUM
WordPress Vertical Scroll Image Slideshow Gallery <11.1 - XSS
CVSS 6.4
CVE-2025-7660
MEDIUM
Map My Locations <= 1.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-7648
MEDIUM
Ruven Themes: Shortcodes <1.0 - XSS
CVSS 6.4
CVE-2025-7431
MEDIUM
WordPress Knowledge Base <2.3.1 - XSS
CVSS 4.4
CVE-2025-7767
LOW
PHPGurukul Art Gallery Management System 1.1 - XSS
CVSS 3.5
CVE-2025-6185
CRITICAL
Leviton AcquiSuite and Energy Monitoring Hub - Cross-Site Scripting via URL Parameter
CVSS 9.3
CVE-2025-6248
HIGH
Lenovo Browser - Cross-Site Scripting
CVSS 7.4
CVE-2025-46102
MEDIUM
Beakon Learning Management System Sha... - XSS
CVSS 5.4
CVE-2025-7748
LOW
ZCMS 3.6.0 - Cross-Site Scripting via Create Article Page Title Argument
CVSS 3.5
CVE-2025-47189
MEDIUM
Netwrix Directory Manager <11.1.25162.02 - XSS
CVSS 6.1
CVE-2025-53941
MEDIUM
Hollo < 0.6.5 - HTML Injection via Form Element Submission
CVSS 6.1
CVE-2025-7729
LOW
Scada-LTS < 2.7.8.1 - Cross-Site Scripting via Username Parameter in usersProfiles.shtm
CVSS 3.5
CVE-2025-7728
LOW
Scada-LTS < 2.7.8.1 - Cross-Site Scripting via Username Parameter in users.shtm
CVSS 3.5
CVE-2025-53904
LOW
the-scratch-channel.github.io - Cross-Site Scripting in admin.js
CVE-2025-53936
MEDIUM
WeGIA < 3.4.5 - Reflected Cross-Site Scripting via personalizacao_selecao.php nome_car Parameter
CVSS 6.1
CVE-2025-53935
MEDIUM
WeGIA < 3.4.5 - Reflected Cross-Site Scripting via personalizacao_selecao.php id Parameter
CVSS 6.1
Details
Vulnerabilities
45,143
Exploit Likelihood
High