CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,144 vulnerabilities with CWE-79
CVE-2025-27447
HIGH
meac300-fnade4_firmware < 0.16.0 - Authenticated Stored Cross-Site Scripting via Prepared URL
CVSS 7.4
CVE-2025-5944
MEDIUM
Element Pack Addons for Elementor <= 8.0.0 - Authenticated Stored Cross-Site Scripting via data-caption Attribute
CVSS 6.4
CVE-2025-52842
MEDIUM
Laundry 2.3.0 - Cross-Site Scripting
CVSS 6.1
CVE-2025-52559
MEDIUM
Zulip Server 2.0.0-rc1-<10.4 - Cross-Site Scripting in Digest Preview
CVSS 6.8
CVE-2025-20307
MEDIUM
Cisco BroadWorks CommPilot Application Software < RI.2025.05 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2025-20310
MEDIUM
Cisco Enterprise Chat and Email < 12.6(1)ES11 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-6725
MEDIUM
Kendo UI for jQuery 2024.4.1112-2025.2.520 - Stored Cross-Site Scripting in PdfViewer Component
CVSS 5.4
CVE-2025-53494
MEDIUM
Mediawiki - TwoColConflict Ext <1.39.13-1.43.2 - XSS
CVSS 6.5
CVE-2025-53493
MEDIUM
Wikimedia Foundation Mediawiki - MintyDocs Extension <1.43.2 - XSS
CVSS 6.5
CVE-2025-53492
LOW
Wikimedia Foundation Mediawiki - MintyDocs Ext <1.43.2 - XSS
CVSS 3.7
CVE-2025-2330
MEDIUM
All-in-One Addons for Elementor - WidgetKit < 2.5.4 - Authenticated Stored Cross-Site Scripting via Button+Modal Widget
CVSS 6.4
CVE-2025-52462
MEDIUM
Active! mail 6 6.30.01004145-6.60.06008562 - Cross-Site Scripting via Crafted URL
CVSS 6.1
CVE-2025-6687
MEDIUM
Magic Buttons for Elementor <= 1.0 - Authenticated Stored Cross-Site Scripting via Icon Attribute
CVSS 6.4
CVE-2025-6686
MEDIUM
Magic Buttons for Elementor <= 1.0 - Authenticated Stored Cross-Site Scripting via Shortcode Text Attribute
CVSS 6.4
CVE-2025-34080
MEDIUM
Contec CONPROSYS HMI System < 3.7.7 - Reflected Cross-Site Scripting in getqsetting.php
CVSS 6.1
CVE-2025-5314
MEDIUM
Dear Flipbook <= 2.3.65 - Unauthenticated DOM-Based XSS via pdf-source Parameter
CVSS 6.1
CVE-2025-6756
MEDIUM
Ultra Addons for Contact Form 7 <= 3.5.21 - Authenticated Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode
CVSS 6.4
CVE-2025-5967
MEDIUM
Trellix Endpoint Security HX 10.0.4 - Stored Cross-Site Scripting in Malware Scan Name Field
CVE-2025-36056
MEDIUM
IBM System Storage Virtualization Engine TS7700 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-2141
MEDIUM
IBM System Storage Virtualization Engine - XSS
CVSS 6.1
CVE-2025-52896
MEDIUM
frappe < 14.94.2 - Authenticated Cross-Site Scripting via Data Import
CVSS 5.4
CVE-2025-2895
MEDIUM
IBM Cloud Pak System 2.3.3.6-2.3.4.1 - Cross-Site Scripting
CVSS 5.4
CVE-2025-41439
MEDIUM
RICOH Streamline NX 3.5.0-3.7.2 - Reflected Cross-Site Scripting via SLNX Help Documentation Parameter
CVSS 6.1
CVE-2025-40734
MEDIUM
Daily Expense Manager 1.0 - Reflected Cross-Site Scripting via Password Parameters
CVSS 6.1
CVE-2025-40733
MEDIUM
Daily Expense Manager 1.0 - Reflected Cross-Site Scripting via Login Username Parameter
CVSS 6.1
Details
Vulnerabilities
45,144
Exploit Likelihood
High