CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,145 vulnerabilities with CWE-79
CVE-2025-5015 HIGH
Parsons Utility Enterprise Data Management - Unauthenticated Cross-Site Scripting via RSS Widget URL
CVSS 8.8
CVE-2025-44206 MEDIUM
Hexagon HxGN OnCall Dispatch Advantage - Authenticated Stored Cross-Site Scripting via Broadcast Person Functionality
CVSS 4.6
CVE-2025-25905 HIGH
CADClick < 1.13.0 - Cross-Site Scripting via Tree Parameter
CVSS 7.1
CVE-2025-48954 HIGH
Discourse < 3.5.0.beta6 - Cross-Site Scripting via Social Login
CVSS 8.1
CVE-2025-6613 LOW
PHPGurukul Hospital Management System 4.0 - Stored Cross-Site Scripting via Name Parameter in manage-patient.php
CVSS 3.5
CVE-2025-5585 MEDIUM
SiteOrigin Widgets Bundle <1.68.4 - XSS
CVSS 6.4
CVE-2025-50699 MEDIUM
PHPGurukul Online DJ Booking Management System 2.0 - XSS
CVSS 6.1
CVE-2025-50695 MEDIUM
PHPGurukul Online DJ Booking Management System 2.0 - XSS
CVSS 6.1
CVE-2025-6569 MEDIUM
School Fees Payment System 1.0 - XSS
CVSS 4.3
CVE-2025-27828 HIGH
Mitel MiContact Center Business <10.2.0.4 - XSS
CVSS 7.1
CVE-2025-6430 MEDIUM
Firefox < 140.0 and 128.12-128.* - Cross-Site Scripting via Embed/Object Tag Content-Disposition Bypass
CVSS 6.1
CVE-2025-5258 MEDIUM
Conference Scheduler <= 2.5.1 - Authenticated Stored Cross-Site Scripting via className Parameter
CVSS 6.4
CVE-2025-43877 MEDIUM
ELECOM WRC-1167GHBK2-S - Stored Cross-Site Scripting in WebGUI
CVSS 5.4
CVE-2025-47943 MEDIUM
Gogs < 0.13.3 - Stored Cross-Site Scripting via Outdated pdfjs Component
CVSS 6.3
CVE-2025-48470 MEDIUM
Advantech WISE-4000 Series LAN Firmware - Stored Cross-Site Scripting
CVSS 4.1
CVE-2025-6551 LOW
java-aodeng Hope-Boot 1.0.0 - Cross-Site Scripting via WebController Login Error Message
CVSS 3.5
CVE-2025-34032 MEDIUM
Moodle Jmol Plugin < 6.1 - Reflected Cross-Site Scripting via jsmol.php Data Parameter
CVSS 6.1
CVE-2025-52561 MEDIUM
HTMLSanitizer.jl < 0.2.1 - Cross-Site Scripting via Style Tag Whitelist
CVE-2025-52558 HIGH
changedetection.io < 0.50.4 - Cross-Site Scripting via Filter Error Handling
CVE-2025-49126 HIGH
Visionatrix 1.5.0-2.5.0 - Reflected Cross-Site Scripting via /docs/flows Endpoint
CVSS 8.8
CVE-2025-6509 LOW
seaswalker spring-analysis <4379cce848af96997a9d7ef91d594aa129be8d7...
CVSS 3.5
CVE-2025-52879 MEDIUM
JetBrains TeamCity < 2025.03.3 - Reflected Cross-Site Scripting in NPM Registry Integration
CVSS 4.8
CVE-2025-52877 MEDIUM
JetBrains TeamCity < 2025.03.3 - Reflected Cross-Site Scripting on diskUsageBuildsStats Page
CVSS 4.8
CVE-2025-52876 MEDIUM
JetBrains TeamCity < 2025.03.3 - Reflected Cross-Site Scripting on FavoriteIcon Page
CVSS 5.4
CVE-2025-52875 MEDIUM
JetBrains TeamCity < 2025.03.3 - DOM-based Cross-Site Scripting in Performance Monitor Page
CVSS 5.4
Details
Vulnerabilities 45,145
Exploit Likelihood High