CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,144 vulnerabilities with CWE-79
CVE-2025-7144 LOW
Best Salon Management System 1.0 - Cross-Site Scripting via Admin Name Parameter in Admin Profile Page
CVSS 2.4
CVE-2025-7143 LOW
Best Salon Management System 1.0 - Cross-Site Scripting via Tax Name Parameter in Update Tax Page
CVSS 2.4
CVE-2025-7142 LOW
Best Salon Management System 1.0 - Cross-Site Scripting in Search Appointment Panel
CVSS 2.4
CVE-2025-53543 MEDIUM
Kestra < 0.22.0 - Stored Cross-Site Scripting in Execution Overview Tab
CVSS 4.2
CVE-2025-53496 MEDIUM
Wikimedia Foundation Mediawiki - MediaSearch Extension <1.42.7/1.43...
CVSS 5.4
CVE-2025-7141 LOW
Best Salon Management System 1.0 - Cross-Site Scripting in Update Staff Page
CVSS 2.4
CVE-2025-7140 LOW
Best Salon Management System 1.0 - Cross-Site Scripting via Staff Name Parameter in Update Staff Page
CVSS 2.4
CVE-2025-53488 MEDIUM
Mediawiki - WikiHiero Extension <1.43.2 - XSS
CVSS 6.1
CVE-2025-53478 MEDIUM
Mediawiki - CheckUser <1.39.13-1.42.7-1.43.2 - XSS
CVSS 5.4
CVE-2025-7139 LOW
Best Salon Management System 1.0 - Cross-Site Scripting via Update Customer Details Page Name Parameter
CVSS 2.4
CVE-2025-53526 MEDIUM
WeGIA < 3.4.3 - Stored Cross-Site Scripting via novo_memorando.php
CVSS 6.1
CVE-2025-53525 MEDIUM
WeGIA < 3.4.3 - Reflected Cross-Site Scripting via id_dependente Parameter
CVSS 6.1
CVE-2025-53497 MEDIUM
Wikimedia Foundation Mediawiki - RelatedArticles Extension <1.43.2 ...
CVSS 5.4
CVE-2025-53491 MEDIUM
Mediawiki FlaggedRevs Ext <1.43.2 - XSS
CVSS 5.4
CVE-2025-53377 MEDIUM
WeGIA < 3.4.3 - Reflected Cross-Site Scripting via id_funcionario Parameter
CVSS 6.1
CVE-2025-7057 MEDIUM
Mediawiki - Quiz Extension <1.39.13-1.43.2 - XSS
CVSS 5.4
CVE-2025-53487 MEDIUM
MediaWiki - ApprovedRevs <1.39.13-1.42.7-1.43.2 - XSS
CVSS 5.4
CVE-2025-53486 MEDIUM
MediaWiki WikiCategoryTagCloud <1.39.13/1.42.7/1.43.2 - XSS via linkstyle
CVSS 5.4
CVE-2025-7056 MEDIUM
Mediawiki - UrlShortener Ext <1.42.7-1.43.2 - XSS
CVSS 6.3
CVE-2025-4779 MEDIUM
lunary < 1.9.24 - Unauthenticated Stored Cross-Site Scripting via v1/runs/ingest Endpoint
CVSS 6.1
CVE-2025-3467 MEDIUM
langgenius/dify < 1.1.3 - Stored Cross-Site Scripting via Published Chat Payload
CVSS 5.4
CVE-2025-7113 LOW
Portabilis i-Educar 2.9.0 - Cross-Site Scripting via Curricular Components Module Nome Parameter
CVSS 3.5
CVE-2025-7112 LOW
Portabilis i-Educar 2.9.0 - Cross-Site Scripting via Function Management Module
CVSS 3.5
CVE-2025-7111 LOW
Portabilis i-Educar 2.9.0 - Cross-Site Scripting via Curso Parameter in Course Module
CVSS 3.5
CVE-2025-7110 LOW
Portabilis i-Educar 2.9.0 - Cross-Site Scripting via Escola Parameter in School Module
CVSS 3.5
Details
Vulnerabilities 45,144
Exploit Likelihood High