CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,144 vulnerabilities with CWE-79
CVE-2025-7144
LOW
Best Salon Management System 1.0 - Cross-Site Scripting via Admin Name Parameter in Admin Profile Page
CVSS 2.4
CVE-2025-7143
LOW
Best Salon Management System 1.0 - Cross-Site Scripting via Tax Name Parameter in Update Tax Page
CVSS 2.4
CVE-2025-7142
LOW
Best Salon Management System 1.0 - Cross-Site Scripting in Search Appointment Panel
CVSS 2.4
CVE-2025-53543
MEDIUM
Kestra < 0.22.0 - Stored Cross-Site Scripting in Execution Overview Tab
CVSS 4.2
CVE-2025-53496
MEDIUM
Wikimedia Foundation Mediawiki - MediaSearch Extension <1.42.7/1.43...
CVSS 5.4
CVE-2025-7141
LOW
Best Salon Management System 1.0 - Cross-Site Scripting in Update Staff Page
CVSS 2.4
CVE-2025-7140
LOW
Best Salon Management System 1.0 - Cross-Site Scripting via Staff Name Parameter in Update Staff Page
CVSS 2.4
CVE-2025-53488
MEDIUM
Mediawiki - WikiHiero Extension <1.43.2 - XSS
CVSS 6.1
CVE-2025-53478
MEDIUM
Mediawiki - CheckUser <1.39.13-1.42.7-1.43.2 - XSS
CVSS 5.4
CVE-2025-7139
LOW
Best Salon Management System 1.0 - Cross-Site Scripting via Update Customer Details Page Name Parameter
CVSS 2.4
CVE-2025-53526
MEDIUM
WeGIA < 3.4.3 - Stored Cross-Site Scripting via novo_memorando.php
CVSS 6.1
CVE-2025-53525
MEDIUM
WeGIA < 3.4.3 - Reflected Cross-Site Scripting via id_dependente Parameter
CVSS 6.1
CVE-2025-53497
MEDIUM
Wikimedia Foundation Mediawiki - RelatedArticles Extension <1.43.2 ...
CVSS 5.4
CVE-2025-53491
MEDIUM
Mediawiki FlaggedRevs Ext <1.43.2 - XSS
CVSS 5.4
CVE-2025-53377
MEDIUM
WeGIA < 3.4.3 - Reflected Cross-Site Scripting via id_funcionario Parameter
CVSS 6.1
CVE-2025-7057
MEDIUM
Mediawiki - Quiz Extension <1.39.13-1.43.2 - XSS
CVSS 5.4
CVE-2025-53487
MEDIUM
MediaWiki - ApprovedRevs <1.39.13-1.42.7-1.43.2 - XSS
CVSS 5.4
CVE-2025-53486
MEDIUM
MediaWiki WikiCategoryTagCloud <1.39.13/1.42.7/1.43.2 - XSS via linkstyle
CVSS 5.4
CVE-2025-7056
MEDIUM
Mediawiki - UrlShortener Ext <1.42.7-1.43.2 - XSS
CVSS 6.3
CVE-2025-4779
MEDIUM
lunary < 1.9.24 - Unauthenticated Stored Cross-Site Scripting via v1/runs/ingest Endpoint
CVSS 6.1
CVE-2025-3467
MEDIUM
langgenius/dify < 1.1.3 - Stored Cross-Site Scripting via Published Chat Payload
CVSS 5.4
CVE-2025-7113
LOW
Portabilis i-Educar 2.9.0 - Cross-Site Scripting via Curricular Components Module Nome Parameter
CVSS 3.5
CVE-2025-7112
LOW
Portabilis i-Educar 2.9.0 - Cross-Site Scripting via Function Management Module
CVSS 3.5
CVE-2025-7111
LOW
Portabilis i-Educar 2.9.0 - Cross-Site Scripting via Curso Parameter in Course Module
CVSS 3.5
CVE-2025-7110
LOW
Portabilis i-Educar 2.9.0 - Cross-Site Scripting via Escola Parameter in School Module
CVSS 3.5
Details
Vulnerabilities
45,144
Exploit Likelihood
High