CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,143 vulnerabilities with CWE-79
CVE-2025-53934
MEDIUM
WeGIA < 3.4.5 - Stored Cross-Site Scripting via descricao_emergencia Parameter
CVSS 5.4
CVE-2025-53933
MEDIUM
WeGIA < 3.4.5 - Stored Cross-Site Scripting via adicionar_enfermidade.php Nome Parameter
CVSS 5.4
CVE-2025-53932
MEDIUM
WeGIA < 3.4.5 - Reflected Cross-Site Scripting via cpf Parameter
CVSS 6.1
CVE-2025-53931
MEDIUM
WeGIA < 3.4.5 - Stored Cross-Site Scripting via raca Parameter in adicionar_raca.php
CVSS 5.4
CVE-2025-53930
MEDIUM
WeGIA < 3.4.5 - Stored Cross-Site Scripting via especie Parameter in adicionar_especie.php
CVSS 5.4
CVE-2025-53929
MEDIUM
WeGIA < 3.4.5 - Stored Cross-Site Scripting via adicionar_cor.php cor Parameter
CVSS 5.4
CVE-2025-53926
MEDIUM
emlog <= 2.5.17 - Cross-Site Scripting via Comment and Comname Parameters
CVSS 6.1
CVE-2025-47053
MEDIUM
Adobe Experience Manager < 6.5.23.0 and < 2025.5 - DOM-based Cross-Site Scripting
CVSS 5.4
CVE-2025-46959
MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-53925
MEDIUM
emlog <= 2.5.17 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2025-53924
MEDIUM
emlog <= pro-2.5.17 - Authenticated Stored Cross-Site Scripting via siteurl Parameter
CVSS 6.9
CVE-2025-53923
HIGH
emlog <= 2.5.17 - Stored Cross-Site Scripting via Keyword Parameter
CVSS 8.2
CVE-2025-53892
MEDIUM
Vue I18n <9.14.5, 10.0.8, 11.1.0 - XSS
CVE-2025-52787
HIGH
EZiHosting Tennis Court Bookings <1.2.7 - XSS
CVSS 7.1
CVE-2025-52786
HIGH
Kingdom Creation Media Folder <1.0.0 - XSS
CVSS 7.1
CVE-2025-52779
HIGH
Dot html,php,xml etc pages <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-52777
HIGH
cmsMinds Pay with Contact Form 7 <1.0.4 - XSS
CVSS 7.1
CVE-2025-49031
HIGH
SMu Manual DoFollow <= 1.8.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-48345
HIGH
Arisoft Contact Form 7 Editor Button <1.0.0 - XSS
CVSS 7.1
CVE-2025-48291
HIGH
Contest Gallery <= 26.0.6 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-47652
HIGH
Infility Global <= 2.13.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-47554
HIGH
QuanticaLabs CSS3 Compare Pricing Tables <11.6 - XSS
CVSS 7.1
CVE-2025-46500
HIGH
ValvePress Wordpress Auto Spinner <3.25.0 - XSS
CVSS 7.1
CVE-2025-31427
HIGH
designthemes Invico - WordPress Consulting Business Theme <1.9 - XSS
CVSS 7.1
CVE-2025-31072
HIGH
Ofiz - WordPress Business Consulting Theme <2.0 - XSS
CVSS 7.1
Details
Vulnerabilities
45,143
Exploit Likelihood
High