CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,144 vulnerabilities with CWE-79
CVE-2025-49534
MEDIUM
Adobe Experience Manager < FP11.4 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-49543
MEDIUM
Adobe ColdFusion <= 2025.2, <= 2023.14, <= 2021.20 - Stored Cross-Site Scripting in Form Fields
CVSS 4.3
CVE-2025-49542
MEDIUM
ColdFusion <= 2025.2, <= 2023.14, <= 2021.20 - Unauthenticated Reflected Cross-Site Scripting
CVSS 5.2
CVE-2025-49541
MEDIUM
ColdFusion <= 2025.2, 2023.14, 2021.20 - Stored Cross-Site Scripting in Form Fields
CVSS 4.3
CVE-2025-49540
MEDIUM
ColdFusion <= 2025.2, 2023.14, 2021.20 - Stored Cross-Site Scripting in Form Fields
CVSS 4.3
CVE-2025-7363
MEDIUM
MediaWiki TitleIcon <1.39.13-1.42.7-1.43.2 - XSS
CVSS 5.4
CVE-2025-7362
MEDIUM
MediaWiki MsUpload <1.39.13-1.42.7-1.43.2 - XSS
CVSS 5.4
CVE-2025-53479
MEDIUM
Mediawiki - CheckUser <1.42.7-1.43.2 - XSS
CVSS 5.4
CVE-2025-7182
MEDIUM
Student Transcript Processing System 1.0 - Cross-Site Scripting via edit.php pre Parameter
CVSS 4.3
CVE-2025-53480
MEDIUM
Mediawiki - CheckUser <1.39.13-1.42.7-1.43.2 - XSS
CVSS 5.4
CVE-2025-3630
MEDIUM
IBM Sterling B2B Integrator & File Gateway 6.0.0.0-6.1.2.6, 6.2.0.0-6.2.0.4 Authenticated Stored XSS
CVSS 6.4
CVE-2025-2793
MEDIUM
IBM Sterling B2B Integrator & File Gateway 6.0.0.0-6.1.2.6, 6.2.0.0-6.2.0.4 Authenticated Stored XSS
CVSS 5.4
CVE-2025-40721
MEDIUM
Quiter Gateway < 4.7.0 - Reflected Cross-Site Scripting via id_factura Parameter
CVSS 5.4
CVE-2025-40720
MEDIUM
Quiter Gateway < 4.7.0 - Reflected Cross-Site Scripting via Campo Parameter
CVSS 6.1
CVE-2025-40719
MEDIUM
Quiter Gateway < 4.7.0 - Reflected Cross-Site Scripting via id_concesion Parameter
CVSS 6.1
CVE-2025-6743
MEDIUM
Woodmart < 8.2.3 - Authenticated Stored Cross-Site Scripting via Multiple Markers Attribute
CVSS 6.4
CVE-2025-42956
MEDIUM
SAP NetWeaver ABAP and ABAP Platform - Stored Cross-Site Scripting via Malicious Link
CVSS 6.1
CVE-2025-5537
MEDIUM
FooBox < 2.7.34 - Authenticated Stored Cross-Site Scripting via Image Alternative Text
CVSS 6.4
CVE-2025-6244
MEDIUM
Essential Addons for Elementor - WordPress <6.1.19 - XSS
CVSS 6.4
CVE-2025-5570
MEDIUM
AI Engine < 2.8.4 - Authenticated Stored Cross-Site Scripting via mwai_chatbot Shortcode ID Parameter
CVSS 5.4
CVE-2025-42973
MEDIUM
SAP Data Services Management Console - XSS
CVSS 5.4
CVE-2025-42969
MEDIUM
SAP NetWeaver Application Server ABAP and ABAP Platform - XSS
CVSS 6.1
CVE-2025-42962
MEDIUM
SAP Business Warehouse Business Explorer Web 3.5 - Stored Cross-Site Scripting via Loading Animation
CVSS 6.1
CVE-2025-7153
LOW
CodeAstro Simple Hospital Management System 1.0 - Stored Cross-Site Scripting via Doctor Profile POST Parameters
CVSS 3.5
CVE-2025-7148
LOW
CodeAstro Simple Hospital Management System 1.0 - Stored Cross-Site Scripting via Patient POST Parameter
CVSS 3.5
Details
Vulnerabilities
45,144
Exploit Likelihood
High