CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,144 vulnerabilities with CWE-79
CVE-2025-27447 HIGH
meac300-fnade4_firmware < 0.16.0 - Authenticated Stored Cross-Site Scripting via Prepared URL
CVSS 7.4
CVE-2025-5944 MEDIUM
Element Pack Addons for Elementor <= 8.0.0 - Authenticated Stored Cross-Site Scripting via data-caption Attribute
CVSS 6.4
CVE-2025-52842 MEDIUM
Laundry 2.3.0 - Cross-Site Scripting
CVSS 6.1
CVE-2025-52559 MEDIUM
Zulip Server 2.0.0-rc1-<10.4 - Cross-Site Scripting in Digest Preview
CVSS 6.8
CVE-2025-20307 MEDIUM
Cisco BroadWorks CommPilot Application Software < RI.2025.05 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2025-20310 MEDIUM
Cisco Enterprise Chat and Email < 12.6(1)ES11 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-6725 MEDIUM
Kendo UI for jQuery 2024.4.1112-2025.2.520 - Stored Cross-Site Scripting in PdfViewer Component
CVSS 5.4
CVE-2025-53494 MEDIUM
Mediawiki - TwoColConflict Ext <1.39.13-1.43.2 - XSS
CVSS 6.5
CVE-2025-53493 MEDIUM
Wikimedia Foundation Mediawiki - MintyDocs Extension <1.43.2 - XSS
CVSS 6.5
CVE-2025-53492 LOW
Wikimedia Foundation Mediawiki - MintyDocs Ext <1.43.2 - XSS
CVSS 3.7
CVE-2025-2330 MEDIUM
All-in-One Addons for Elementor - WidgetKit < 2.5.4 - Authenticated Stored Cross-Site Scripting via Button+Modal Widget
CVSS 6.4
CVE-2025-52462 MEDIUM
Active! mail 6 6.30.01004145-6.60.06008562 - Cross-Site Scripting via Crafted URL
CVSS 6.1
CVE-2025-6687 MEDIUM
Magic Buttons for Elementor <= 1.0 - Authenticated Stored Cross-Site Scripting via Icon Attribute
CVSS 6.4
CVE-2025-6686 MEDIUM
Magic Buttons for Elementor <= 1.0 - Authenticated Stored Cross-Site Scripting via Shortcode Text Attribute
CVSS 6.4
CVE-2025-34080 MEDIUM
Contec CONPROSYS HMI System < 3.7.7 - Reflected Cross-Site Scripting in getqsetting.php
CVSS 6.1
CVE-2025-5314 MEDIUM
Dear Flipbook <= 2.3.65 - Unauthenticated DOM-Based XSS via pdf-source Parameter
CVSS 6.1
CVE-2025-6756 MEDIUM
Ultra Addons for Contact Form 7 <= 3.5.21 - Authenticated Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode
CVSS 6.4
CVE-2025-5967 MEDIUM
Trellix Endpoint Security HX 10.0.4 - Stored Cross-Site Scripting in Malware Scan Name Field
CVE-2025-36056 MEDIUM
IBM System Storage Virtualization Engine TS7700 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-2141 MEDIUM
IBM System Storage Virtualization Engine - XSS
CVSS 6.1
CVE-2025-52896 MEDIUM
frappe < 14.94.2 - Authenticated Cross-Site Scripting via Data Import
CVSS 5.4
CVE-2025-2895 MEDIUM
IBM Cloud Pak System 2.3.3.6-2.3.4.1 - Cross-Site Scripting
CVSS 5.4
CVE-2025-41439 MEDIUM
RICOH Streamline NX 3.5.0-3.7.2 - Reflected Cross-Site Scripting via SLNX Help Documentation Parameter
CVSS 6.1
CVE-2025-40734 MEDIUM
Daily Expense Manager 1.0 - Reflected Cross-Site Scripting via Password Parameters
CVSS 6.1
CVE-2025-40733 MEDIUM
Daily Expense Manager 1.0 - Reflected Cross-Site Scripting via Login Username Parameter
CVSS 6.1
Details
Vulnerabilities 45,144
Exploit Likelihood High