CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,145 vulnerabilities with CWE-79
CVE-2025-48700
MEDIUM
KEV
Zimbra Collaboration Suite 8.8.15, 9.0, 10.0-10.1 - Stored Cross-Site Scripting via Crafted Email HTML Content
CVSS 6.1
CVE-2025-6477
LOW
Student Result Management System 1.0 - Cross-Site Scripting via System Settings Page School Name Parameter
CVSS 2.4
CVE-2025-6475
LOW
Student Result Management System 1.0 - Cross-Site Scripting in Manage Students Module
CVSS 2.4
CVE-2025-6473
MEDIUM
School Fees Payment System 1.0 - Cross-Site Scripting via transcation_remark Parameter
CVSS 4.3
CVE-2025-6452
LOW
CodeAstro Patient Record Management System 1.0 - Cross-Site Scripting via Patient Name Parameter
CVSS 2.4
CVE-2025-1987
MEDIUM
Psono Client - Stored Cross-Site Scripting via Vault Entry URL Field
CVSS 6.1
CVE-2025-5289
MEDIUM
3D FlipBook <= 1.16.15 - Authenticated Stored XSS via Style and Mode Parameters
CVSS 6.4
CVE-2025-5143
MEDIUM
TableOn WordPress Plugin <= 1.0.4.1 - Authenticated Stored XSS via Shortcode
CVSS 6.4
CVE-2025-5034
HIGH
WP File Download < 6.2.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-52552
MEDIUM
fastgpt < 4.9.12 - Open Redirect and DOM-based Cross-Site Scripting via LastRoute Parameter
CVSS 6.1
CVE-2025-52486
MEDIUM
Dnnsoftware Dotnetnuke < 10.0.1 - XSS
CVSS 6.1
CVE-2025-52485
MEDIUM
Dnnsoftware Dotnetnuke < 10.0.1 - XSS
CVSS 5.4
CVE-2025-2443
HIGH
GitLab 16.6-17.9.6, 17.10-17.10.4, 17.11 - Cross-Site Scripting and Content Security Policy Bypass
CVSS 8.7
CVE-2025-6353
LOW
Responsive Blog Site 1.0 - Cross-Site Scripting via Search Keyword Parameter
CVSS 3.5
CVE-2025-6347
LOW
Responsive Blog Site 1.0/1.12.4/3.3.4 - Cross-Site Scripting in pageViewMembers.php
CVSS 2.4
CVE-2025-6345
LOW
My Food Recipe 1.0 - Cross-Site Scripting via Add Recipe Page Name Parameter
CVSS 3.5
CVE-2025-52782
HIGH
King Rayhan Scroll UP <= 2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-52733
MEDIUM
ANON::form embedded secure form <= 1.7 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-52710
MEDIUM
Ninja Team File Manager Pro <1.8.8 - XSS
CVSS 5.9
CVE-2025-52707
MEDIUM
FirelightWP Firelight Lightbox <2.3.16 - XSS
CVSS 6.5
CVE-2025-50051
MEDIUM
Chad Butler WP-Members <3.5.4 - XSS
CVSS 6.5
CVE-2025-50050
MEDIUM
BlueGlass Interactive AG Jobs for WordPress <2.7.12 - XSS
CVSS 6.5
CVE-2025-50049
MEDIUM
prismtechstudios Modern Footnotes <1.4.19 - XSS
CVSS 6.5
CVE-2025-50048
MEDIUM
Automatically Hierarchic Categories in Menu <= 2.0.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-50047
MEDIUM
webvitaly Sitekit <= 1.9 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities
45,145
Exploit Likelihood
High