CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,143 vulnerabilities with CWE-79
CVE-2025-53934 MEDIUM
WeGIA < 3.4.5 - Stored Cross-Site Scripting via descricao_emergencia Parameter
CVSS 5.4
CVE-2025-53933 MEDIUM
WeGIA < 3.4.5 - Stored Cross-Site Scripting via adicionar_enfermidade.php Nome Parameter
CVSS 5.4
CVE-2025-53932 MEDIUM
WeGIA < 3.4.5 - Reflected Cross-Site Scripting via cpf Parameter
CVSS 6.1
CVE-2025-53931 MEDIUM
WeGIA < 3.4.5 - Stored Cross-Site Scripting via raca Parameter in adicionar_raca.php
CVSS 5.4
CVE-2025-53930 MEDIUM
WeGIA < 3.4.5 - Stored Cross-Site Scripting via especie Parameter in adicionar_especie.php
CVSS 5.4
CVE-2025-53929 MEDIUM
WeGIA < 3.4.5 - Stored Cross-Site Scripting via adicionar_cor.php cor Parameter
CVSS 5.4
CVE-2025-53926 MEDIUM
emlog <= 2.5.17 - Cross-Site Scripting via Comment and Comname Parameters
CVSS 6.1
CVE-2025-47053 MEDIUM
Adobe Experience Manager < 6.5.23.0 and < 2025.5 - DOM-based Cross-Site Scripting
CVSS 5.4
CVE-2025-46959 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-53925 MEDIUM
emlog <= 2.5.17 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2025-53924 MEDIUM
emlog <= pro-2.5.17 - Authenticated Stored Cross-Site Scripting via siteurl Parameter
CVSS 6.9
CVE-2025-53923 HIGH
emlog <= 2.5.17 - Stored Cross-Site Scripting via Keyword Parameter
CVSS 8.2
CVE-2025-53892 MEDIUM
Vue I18n <9.14.5, 10.0.8, 11.1.0 - XSS
CVE-2025-52787 HIGH
EZiHosting Tennis Court Bookings <1.2.7 - XSS
CVSS 7.1
CVE-2025-52786 HIGH
Kingdom Creation Media Folder <1.0.0 - XSS
CVSS 7.1
CVE-2025-52779 HIGH
Dot html,php,xml etc pages <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-52777 HIGH
cmsMinds Pay with Contact Form 7 <1.0.4 - XSS
CVSS 7.1
CVE-2025-49031 HIGH
SMu Manual DoFollow <= 1.8.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-48345 HIGH
Arisoft Contact Form 7 Editor Button <1.0.0 - XSS
CVSS 7.1
CVE-2025-48291 HIGH
Contest Gallery <= 26.0.6 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-47652 HIGH
Infility Global <= 2.13.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-47554 HIGH
QuanticaLabs CSS3 Compare Pricing Tables <11.6 - XSS
CVSS 7.1
CVE-2025-46500 HIGH
ValvePress Wordpress Auto Spinner <3.25.0 - XSS
CVSS 7.1
CVE-2025-31427 HIGH
designthemes Invico - WordPress Consulting Business Theme <1.9 - XSS
CVSS 7.1
CVE-2025-31072 HIGH
Ofiz - WordPress Business Consulting Theme <2.0 - XSS
CVSS 7.1
Details
Vulnerabilities 45,143
Exploit Likelihood High