CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,153 vulnerabilities with CWE-79
CVE-2025-46853 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46851 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46850 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46848 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46847 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46846 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46845 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46844 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46843 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46842 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46841 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46838 MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46837 HIGH
Adobe Experience Manager <6.5.22 - XSS
CVSS 8.7
CVE-2025-5976 LOW
PHPGurukul Rail Pass Management System 1.0 - Cross-Site Scripting via fullname Parameter
CVSS 3.5
CVE-2025-5975 MEDIUM
PHPGurukul Rail Pass Management System 1.0 - Cross-Site Scripting via searchdata Parameter
CVSS 4.3
CVE-2025-5974 LOW
PHPGurukul Restaurant Table Booking System 1.0 - Cross-Site Scripting via /check-status.php searchdata Parameter
CVSS 3.5
CVE-2025-5973 LOW
PHPGurukul Restaurant Table Booking System 1.0 - Cross-Site Scripting via tableno Parameter
CVSS 2.4
CVE-2025-5972 LOW
PHPGurukul Restaurant Table Booking System 1.0 - Cross-Site Scripting via fullname Parameter
CVSS 2.4
CVE-2025-36580 MEDIUM
Dell Wyse Management Suite < 5.2 - Authenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-36577 MEDIUM
Dell Wyse Management Suite < 5.2 - Authenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-5970 LOW
PHPGurukul Restaurant Table Booking System 1.0 - Cross-Site Scripting via fullname Parameter
CVSS 2.4
CVE-2025-47977 HIGH
Nuance Digital Engagement Platform < 5.64.x - Cross-Site Scripting
CVSS 8.2
CVE-2025-47110 HIGH
Adobe Commerce 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier - Stored Cross-Site Scripting in Form Fields
CVSS 8.4
CVE-2025-26395 HIGH
SolarWinds Observability Self-Hosted < 2025.2 - Authenticated Stored Cross-Site Scripting via URL Field
CVSS 7.1
CVE-2025-4774 MEDIUM
Premium Addons for Elementor < 4.11.8 - Authenticated Stored Cross-Site Scripting via Countdown Widget Data Attribute
CVSS 6.4
Details
Vulnerabilities 45,153
Exploit Likelihood High