CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,144 vulnerabilities with CWE-79
CVE-2025-49534 MEDIUM
Adobe Experience Manager < FP11.4 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-49543 MEDIUM
Adobe ColdFusion <= 2025.2, <= 2023.14, <= 2021.20 - Stored Cross-Site Scripting in Form Fields
CVSS 4.3
CVE-2025-49542 MEDIUM
ColdFusion <= 2025.2, <= 2023.14, <= 2021.20 - Unauthenticated Reflected Cross-Site Scripting
CVSS 5.2
CVE-2025-49541 MEDIUM
ColdFusion <= 2025.2, 2023.14, 2021.20 - Stored Cross-Site Scripting in Form Fields
CVSS 4.3
CVE-2025-49540 MEDIUM
ColdFusion <= 2025.2, 2023.14, 2021.20 - Stored Cross-Site Scripting in Form Fields
CVSS 4.3
CVE-2025-7363 MEDIUM
MediaWiki TitleIcon <1.39.13-1.42.7-1.43.2 - XSS
CVSS 5.4
CVE-2025-7362 MEDIUM
MediaWiki MsUpload <1.39.13-1.42.7-1.43.2 - XSS
CVSS 5.4
CVE-2025-53479 MEDIUM
Mediawiki - CheckUser <1.42.7-1.43.2 - XSS
CVSS 5.4
CVE-2025-7182 MEDIUM
Student Transcript Processing System 1.0 - Cross-Site Scripting via edit.php pre Parameter
CVSS 4.3
CVE-2025-53480 MEDIUM
Mediawiki - CheckUser <1.39.13-1.42.7-1.43.2 - XSS
CVSS 5.4
CVE-2025-3630 MEDIUM
IBM Sterling B2B Integrator & File Gateway 6.0.0.0-6.1.2.6, 6.2.0.0-6.2.0.4 Authenticated Stored XSS
CVSS 6.4
CVE-2025-2793 MEDIUM
IBM Sterling B2B Integrator & File Gateway 6.0.0.0-6.1.2.6, 6.2.0.0-6.2.0.4 Authenticated Stored XSS
CVSS 5.4
CVE-2025-40721 MEDIUM
Quiter Gateway < 4.7.0 - Reflected Cross-Site Scripting via id_factura Parameter
CVSS 5.4
CVE-2025-40720 MEDIUM
Quiter Gateway < 4.7.0 - Reflected Cross-Site Scripting via Campo Parameter
CVSS 6.1
CVE-2025-40719 MEDIUM
Quiter Gateway < 4.7.0 - Reflected Cross-Site Scripting via id_concesion Parameter
CVSS 6.1
CVE-2025-6743 MEDIUM
Woodmart < 8.2.3 - Authenticated Stored Cross-Site Scripting via Multiple Markers Attribute
CVSS 6.4
CVE-2025-42956 MEDIUM
SAP NetWeaver ABAP and ABAP Platform - Stored Cross-Site Scripting via Malicious Link
CVSS 6.1
CVE-2025-5537 MEDIUM
FooBox < 2.7.34 - Authenticated Stored Cross-Site Scripting via Image Alternative Text
CVSS 6.4
CVE-2025-6244 MEDIUM
Essential Addons for Elementor - WordPress <6.1.19 - XSS
CVSS 6.4
CVE-2025-5570 MEDIUM
AI Engine < 2.8.4 - Authenticated Stored Cross-Site Scripting via mwai_chatbot Shortcode ID Parameter
CVSS 5.4
CVE-2025-42973 MEDIUM
SAP Data Services Management Console - XSS
CVSS 5.4
CVE-2025-42969 MEDIUM
SAP NetWeaver Application Server ABAP and ABAP Platform - XSS
CVSS 6.1
CVE-2025-42962 MEDIUM
SAP Business Warehouse Business Explorer Web 3.5 - Stored Cross-Site Scripting via Loading Animation
CVSS 6.1
CVE-2025-7153 LOW
CodeAstro Simple Hospital Management System 1.0 - Stored Cross-Site Scripting via Doctor Profile POST Parameters
CVSS 3.5
CVE-2025-7148 LOW
CodeAstro Simple Hospital Management System 1.0 - Stored Cross-Site Scripting via Patient POST Parameter
CVSS 3.5
Details
Vulnerabilities 45,144
Exploit Likelihood High