CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,145 vulnerabilities with CWE-79
CVE-2025-5015
HIGH
Parsons Utility Enterprise Data Management - Unauthenticated Cross-Site Scripting via RSS Widget URL
CVSS 8.8
CVE-2025-44206
MEDIUM
Hexagon HxGN OnCall Dispatch Advantage - Authenticated Stored Cross-Site Scripting via Broadcast Person Functionality
CVSS 4.6
CVE-2025-25905
HIGH
CADClick < 1.13.0 - Cross-Site Scripting via Tree Parameter
CVSS 7.1
CVE-2025-48954
HIGH
Discourse < 3.5.0.beta6 - Cross-Site Scripting via Social Login
CVSS 8.1
CVE-2025-6613
LOW
PHPGurukul Hospital Management System 4.0 - Stored Cross-Site Scripting via Name Parameter in manage-patient.php
CVSS 3.5
CVE-2025-5585
MEDIUM
SiteOrigin Widgets Bundle <1.68.4 - XSS
CVSS 6.4
CVE-2025-50699
MEDIUM
PHPGurukul Online DJ Booking Management System 2.0 - XSS
CVSS 6.1
CVE-2025-50695
MEDIUM
PHPGurukul Online DJ Booking Management System 2.0 - XSS
CVSS 6.1
CVE-2025-6569
MEDIUM
School Fees Payment System 1.0 - XSS
CVSS 4.3
CVE-2025-27828
HIGH
Mitel MiContact Center Business <10.2.0.4 - XSS
CVSS 7.1
CVE-2025-6430
MEDIUM
Firefox < 140.0 and 128.12-128.* - Cross-Site Scripting via Embed/Object Tag Content-Disposition Bypass
CVSS 6.1
CVE-2025-5258
MEDIUM
Conference Scheduler <= 2.5.1 - Authenticated Stored Cross-Site Scripting via className Parameter
CVSS 6.4
CVE-2025-43877
MEDIUM
ELECOM WRC-1167GHBK2-S - Stored Cross-Site Scripting in WebGUI
CVSS 5.4
CVE-2025-47943
MEDIUM
Gogs < 0.13.3 - Stored Cross-Site Scripting via Outdated pdfjs Component
CVSS 6.3
CVE-2025-48470
MEDIUM
Advantech WISE-4000 Series LAN Firmware - Stored Cross-Site Scripting
CVSS 4.1
CVE-2025-6551
LOW
java-aodeng Hope-Boot 1.0.0 - Cross-Site Scripting via WebController Login Error Message
CVSS 3.5
CVE-2025-34032
MEDIUM
Moodle Jmol Plugin < 6.1 - Reflected Cross-Site Scripting via jsmol.php Data Parameter
CVSS 6.1
CVE-2025-52561
MEDIUM
HTMLSanitizer.jl < 0.2.1 - Cross-Site Scripting via Style Tag Whitelist
CVE-2025-52558
HIGH
changedetection.io < 0.50.4 - Cross-Site Scripting via Filter Error Handling
CVE-2025-49126
HIGH
Visionatrix 1.5.0-2.5.0 - Reflected Cross-Site Scripting via /docs/flows Endpoint
CVSS 8.8
CVE-2025-6509
LOW
seaswalker spring-analysis <4379cce848af96997a9d7ef91d594aa129be8d7...
CVSS 3.5
CVE-2025-52879
MEDIUM
JetBrains TeamCity < 2025.03.3 - Reflected Cross-Site Scripting in NPM Registry Integration
CVSS 4.8
CVE-2025-52877
MEDIUM
JetBrains TeamCity < 2025.03.3 - Reflected Cross-Site Scripting on diskUsageBuildsStats Page
CVSS 4.8
CVE-2025-52876
MEDIUM
JetBrains TeamCity < 2025.03.3 - Reflected Cross-Site Scripting on FavoriteIcon Page
CVSS 5.4
CVE-2025-52875
MEDIUM
JetBrains TeamCity < 2025.03.3 - DOM-based Cross-Site Scripting in Performance Monitor Page
CVSS 5.4
Details
Vulnerabilities
45,145
Exploit Likelihood
High