CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,145 vulnerabilities with CWE-79
CVE-2025-48700 MEDIUM KEV
Zimbra Collaboration Suite 8.8.15, 9.0, 10.0-10.1 - Stored Cross-Site Scripting via Crafted Email HTML Content
CVSS 6.1
CVE-2025-6477 LOW
Student Result Management System 1.0 - Cross-Site Scripting via System Settings Page School Name Parameter
CVSS 2.4
CVE-2025-6475 LOW
Student Result Management System 1.0 - Cross-Site Scripting in Manage Students Module
CVSS 2.4
CVE-2025-6473 MEDIUM
School Fees Payment System 1.0 - Cross-Site Scripting via transcation_remark Parameter
CVSS 4.3
CVE-2025-6452 LOW
CodeAstro Patient Record Management System 1.0 - Cross-Site Scripting via Patient Name Parameter
CVSS 2.4
CVE-2025-1987 MEDIUM
Psono Client - Stored Cross-Site Scripting via Vault Entry URL Field
CVSS 6.1
CVE-2025-5289 MEDIUM
3D FlipBook <= 1.16.15 - Authenticated Stored XSS via Style and Mode Parameters
CVSS 6.4
CVE-2025-5143 MEDIUM
TableOn WordPress Plugin <= 1.0.4.1 - Authenticated Stored XSS via Shortcode
CVSS 6.4
CVE-2025-5034 HIGH
WP File Download < 6.2.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-52552 MEDIUM
fastgpt < 4.9.12 - Open Redirect and DOM-based Cross-Site Scripting via LastRoute Parameter
CVSS 6.1
CVE-2025-52486 MEDIUM
Dnnsoftware Dotnetnuke < 10.0.1 - XSS
CVSS 6.1
CVE-2025-52485 MEDIUM
Dnnsoftware Dotnetnuke < 10.0.1 - XSS
CVSS 5.4
CVE-2025-2443 HIGH
GitLab 16.6-17.9.6, 17.10-17.10.4, 17.11 - Cross-Site Scripting and Content Security Policy Bypass
CVSS 8.7
CVE-2025-6353 LOW
Responsive Blog Site 1.0 - Cross-Site Scripting via Search Keyword Parameter
CVSS 3.5
CVE-2025-6347 LOW
Responsive Blog Site 1.0/1.12.4/3.3.4 - Cross-Site Scripting in pageViewMembers.php
CVSS 2.4
CVE-2025-6345 LOW
My Food Recipe 1.0 - Cross-Site Scripting via Add Recipe Page Name Parameter
CVSS 3.5
CVE-2025-52782 HIGH
King Rayhan Scroll UP <= 2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-52733 MEDIUM
ANON::form embedded secure form <= 1.7 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-52710 MEDIUM
Ninja Team File Manager Pro <1.8.8 - XSS
CVSS 5.9
CVE-2025-52707 MEDIUM
FirelightWP Firelight Lightbox <2.3.16 - XSS
CVSS 6.5
CVE-2025-50051 MEDIUM
Chad Butler WP-Members <3.5.4 - XSS
CVSS 6.5
CVE-2025-50050 MEDIUM
BlueGlass Interactive AG Jobs for WordPress <2.7.12 - XSS
CVSS 6.5
CVE-2025-50049 MEDIUM
prismtechstudios Modern Footnotes <1.4.19 - XSS
CVSS 6.5
CVE-2025-50048 MEDIUM
Automatically Hierarchic Categories in Menu <= 2.0.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-50047 MEDIUM
webvitaly Sitekit <= 1.9 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,145
Exploit Likelihood High