CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,153 vulnerabilities with CWE-79
CVE-2025-31917
HIGH
LambertGroup Universal Video Player <3.8.3 - XSS
CVSS 7.1
CVE-2025-31638
HIGH
Spare < 1.7 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31426
HIGH
LambertGroup Sticky Radio Player <3.4 - XSS
CVSS 7.1
CVE-2025-31061
HIGH
Wishlist <= 2.1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31058
HIGH
LambertGroup Revolution Video Player <2.9.2 - XSS
CVSS 7.1
CVE-2025-31057
HIGH
LambertGroup Universal Video Player <1.4.0 - XSS
CVSS 7.1
CVE-2025-5884
LOW
Konica Minolta bizhub < 2025-02-02 - Cross-Site Scripting via Model Name Argument
CVSS 3.5
CVE-2025-5879
LOW
WukongCRM 9.0 - Cross-Site Scripting via File Upload in AdminSysConfigController.java
CVSS 3.5
CVE-2025-49130
MEDIUM
laravel-translation-manager < 0.6.8 - Authenticated Stored Cross-Site Scripting
CVE-2025-48062
HIGH
Discourse <3.4.4, <3.5.0.beta5, <3.5.0.beta6-dev - XSS
CVSS 7.1
CVE-2025-41437
MEDIUM
Zohocorp ManageEngine <128565 - XSS
CVSS 4.3
CVE-2025-40675
MEDIUM
Bagisto 2.0.0-2.2.2 - Reflected Cross-Site Scripting via Search Query Parameter
CVSS 6.1
CVE-2025-4652
MEDIUM
Broadstreet WordPress <1.51.8 - XSS
CVSS 6.1
CVE-2025-3582
MEDIUM
Newsletter < 8.8.5 - Authenticated Stored Cross-Site Scripting in Form Settings
CVSS 4.8
CVE-2025-3581
MEDIUM
Newsletter < 8.8.5 - Authenticated Stored Cross-Site Scripting via Widget Options
CVSS 4.8
CVE-2025-5568
MEDIUM
WpEvently < 4.4.3 - Authenticated Stored Cross-Site Scripting via Multiple Parameters
CVSS 6.4
CVE-2025-5528
MEDIUM
Sassy Social Share <= 3.3.75 - Unauthenticated Reflected XSS via heateor_mastodon_share
CVSS 6.1
CVE-2025-5303
HIGH
LTL Freight Quotes - Unauthenticated Stored XSS via Expiry Date Parameter
CVSS 7.2
CVE-2025-5797
LOW
code-projects simple_laundry_system 1.0 - Cross-Site Scripting via Type Parameter in insert_type.php
CVSS 3.5
CVE-2025-5796
LOW
code-projects simple_laundry_system 1.0 - Cross-Site Scripting via Type Parameter in edit_type.php
CVSS 3.5
CVE-2025-5806
HIGH
Jenkins Gatling Plugin 136.vb_9009b_3d33a_e - XSS
CVSS 8.0
CVE-2025-5765
LOW
code-projects simple_laundry_system 1.0 - Cross-Site Scripting via Customer Parameter in edit_laundry.php
CVSS 3.5
CVE-2025-5764
LOW
code-projects simple_laundry_system 1.0 - Cross-Site Scripting via Customer Parameter in insert_laundry.php
CVSS 3.5
CVE-2025-49450
MEDIUM
mhallmann SEPA Girocode <0.5.2 - XSS
CVSS 6.5
CVE-2025-49443
MEDIUM
Bacon Ipsum <= 2.4 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities
45,153
Exploit Likelihood
High