CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,143 vulnerabilities with CWE-79
CVE-2025-2800 HIGH
WP Event Manager < 3.1.50 - Unauthenticated Stored Cross-Site Scripting via Organizer Name Parameter
CVSS 7.2
CVE-2025-2799 MEDIUM
WP Event Manager < 3.1.49 - Authenticated Stored Cross-Site Scripting via Tag Name Parameter
CVSS 4.4
CVE-2025-6977 MEDIUM
ProfileGrid <= 5.9.5.4 - Unauthenticated Reflected XSS via pm_get_messenger_notification
CVSS 6.1
CVE-2025-30746 MEDIUM
Oracle iStore 12.2.3-12.2.14 - Unauthenticated Cross-Site Request Forgery in Shopping Cart
CVSS 6.1
CVE-2025-53903 LOW
the-scratch-channel.github.io - Cross-Site Scripting via Unsanitized Text Box Input
CVE-2025-52378 MEDIUM
Nexxt Solutions NCM-X1800 Mesh Router <UV1.2.7 - XSS
CVSS 5.4
CVE-2025-33097 MEDIUM
IBM QRadar SIEM 7.5-7.5.0 UP12 IF02 - XSS
CVSS 6.4
CVE-2025-4369 MEDIUM
WordPress Companion Auto Update <3.9.2 - XSS
CVSS 5.5
CVE-2025-7672 MEDIUM
JiranSoft CrossEditor4 <4.6.0.23 - XSS
CVSS 4.3
CVE-2025-7367 MEDIUM
Strong Testimonials <= 3.2.11 - Authenticated Stored Cross-Site Scripting via Testimonial Custom Fields
CVSS 6.4
CVE-2025-53839 MEDIUM
DRACOON Branding Service <2.10.0 - XSS
CVSS 4.0
CVE-2025-53835 CRITICAL
XWiki 5.4.5-14.10 - Stored Cross-Site Scripting via Raw Block HTML Injection
CVSS 9.0
CVE-2025-53834 MEDIUM
Caido < 0.49.0 - Reflected Cross-Site Scripting in Toast UI Component
CVSS 6.3
CVE-2025-53824 MEDIUM
WeGIA < 3.4.4 - Reflected Cross-Site Scripting via editar_permissoes.php msg_c Parameter
CVSS 5.4
CVE-2025-53822 MEDIUM
WeGIA < 3.4.5 - Reflected Cross-Site Scripting via relatorio_geracao.php tipo_relatorio Parameter
CVSS 6.5
CVE-2025-53820 MEDIUM
WeGIA < 3.4.5 - Reflected Cross-Site Scripting via 'erro' Parameter in index.php
CVSS 6.5
CVE-2025-7601 LOW
PHPGurukul Online Library Management System 3.0 - XSS
CVSS 3.5
CVE-2025-7618 MEDIUM
ADM <4.3.3.RH61 & <5.0.0.RIN1 - XSS
CVE-2025-7380 MEDIUM
ASUSTOR ADM <= 5.0.0.RIN1 - Shared Folder Stored Cross-Site Scripting
CVE-2025-7569 LOW
Bigotry OneBase <= 1.3.6 - Cross-Site Scripting via parse_args Function
CVSS 3.5
CVE-2025-7567 MEDIUM
ShopXO < 6.5.0 - Cross-Site Scripting via lang/system_type Parameter
CVSS 4.3
CVE-2025-7554 LOW
Sapido RB-1802 1.0.32 - Cross-Site Scripting in URL Filtering Page
CVSS 2.4
CVE-2025-53865 MEDIUM
Roundup < 2.5.0 - Cross-Site Scripting via Issue Tracker Templates
CVSS 6.4
CVE-2025-6068 MEDIUM
FooGallery < 2.4.31 - Authenticated Stored Cross-Site Scripting via Caption Attributes
CVSS 6.4
CVE-2025-5530 MEDIUM
WPC Smart Compare for WooCommerce <6.4.6 - XSS
CVSS 6.4
Details
Vulnerabilities 45,143
Exploit Likelihood High