CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,153 vulnerabilities with CWE-79
CVE-2025-31917 HIGH
LambertGroup Universal Video Player <3.8.3 - XSS
CVSS 7.1
CVE-2025-31638 HIGH
Spare < 1.7 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31426 HIGH
LambertGroup Sticky Radio Player <3.4 - XSS
CVSS 7.1
CVE-2025-31061 HIGH
Wishlist <= 2.1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31058 HIGH
LambertGroup Revolution Video Player <2.9.2 - XSS
CVSS 7.1
CVE-2025-31057 HIGH
LambertGroup Universal Video Player <1.4.0 - XSS
CVSS 7.1
CVE-2025-5884 LOW
Konica Minolta bizhub < 2025-02-02 - Cross-Site Scripting via Model Name Argument
CVSS 3.5
CVE-2025-5879 LOW
WukongCRM 9.0 - Cross-Site Scripting via File Upload in AdminSysConfigController.java
CVSS 3.5
CVE-2025-49130 MEDIUM
laravel-translation-manager < 0.6.8 - Authenticated Stored Cross-Site Scripting
CVE-2025-48062 HIGH
Discourse <3.4.4, <3.5.0.beta5, <3.5.0.beta6-dev - XSS
CVSS 7.1
CVE-2025-41437 MEDIUM
Zohocorp ManageEngine <128565 - XSS
CVSS 4.3
CVE-2025-40675 MEDIUM
Bagisto 2.0.0-2.2.2 - Reflected Cross-Site Scripting via Search Query Parameter
CVSS 6.1
CVE-2025-4652 MEDIUM
Broadstreet WordPress <1.51.8 - XSS
CVSS 6.1
CVE-2025-3582 MEDIUM
Newsletter < 8.8.5 - Authenticated Stored Cross-Site Scripting in Form Settings
CVSS 4.8
CVE-2025-3581 MEDIUM
Newsletter < 8.8.5 - Authenticated Stored Cross-Site Scripting via Widget Options
CVSS 4.8
CVE-2025-5568 MEDIUM
WpEvently < 4.4.3 - Authenticated Stored Cross-Site Scripting via Multiple Parameters
CVSS 6.4
CVE-2025-5528 MEDIUM
Sassy Social Share <= 3.3.75 - Unauthenticated Reflected XSS via heateor_mastodon_share
CVSS 6.1
CVE-2025-5303 HIGH
LTL Freight Quotes - Unauthenticated Stored XSS via Expiry Date Parameter
CVSS 7.2
CVE-2025-5797 LOW
code-projects simple_laundry_system 1.0 - Cross-Site Scripting via Type Parameter in insert_type.php
CVSS 3.5
CVE-2025-5796 LOW
code-projects simple_laundry_system 1.0 - Cross-Site Scripting via Type Parameter in edit_type.php
CVSS 3.5
CVE-2025-5806 HIGH
Jenkins Gatling Plugin 136.vb_9009b_3d33a_e - XSS
CVSS 8.0
CVE-2025-5765 LOW
code-projects simple_laundry_system 1.0 - Cross-Site Scripting via Customer Parameter in edit_laundry.php
CVSS 3.5
CVE-2025-5764 LOW
code-projects simple_laundry_system 1.0 - Cross-Site Scripting via Customer Parameter in insert_laundry.php
CVSS 3.5
CVE-2025-49450 MEDIUM
mhallmann SEPA Girocode <0.5.2 - XSS
CVSS 6.5
CVE-2025-49443 MEDIUM
Bacon Ipsum <= 2.4 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,153
Exploit Likelihood High