CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,155 vulnerabilities with CWE-79
CVE-2025-5713 LOW
Isolucoesweb Solucoescoop < 2025-05-19 - Code Injection
CVSS 3.5
CVE-2025-5661 LOW
Traffic Offense Reporting System 1.0 - Cross-Site Scripting via site_name Parameter in Setting Handler
CVSS 2.4
CVE-2025-30084 MEDIUM
RSMail! 1.19.20-1.22.26 - Stored Cross-Site Scripting in Dashboard Component
CVSS 6.1
CVE-2025-27754 MEDIUM
RSBlog! 1.11.6-1.14.4 - Authenticated Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-5341 MEDIUM
Forminator Forms < 1.44.1 - Authenticated Stored Cross-Site Scripting via 'id' and 'data-size' Parameters
CVSS 6.4
CVE-2025-5651 LOW
Traffic Offense Reporting System 1.0 - Cross-Site Scripting via saveuser.php User Input
CVSS 3.5
CVE-2025-5628 LOW
SourceCodester Food Menu Manager 1.0 - Cross-Site Scripting via Add Menu Handler
CVSS 3.5
CVE-2025-32015 MEDIUM
FreshRSS < 1.26.2 - Cross-Site Scripting via Iframe Srcdoc Attribute
CVSS 6.7
CVE-2025-31136 MEDIUM
FreshRSS < 1.26.2 - Stored Cross-Site Scripting via SVG Favicon in Feed
CVSS 6.7
CVE-2025-22245 MEDIUM
VMware NSX 3.2-4.1.2.5 - Stored Cross-Site Scripting in Router Port
CVSS 5.9
CVE-2025-22244 MEDIUM
VMware NSX - Stored Cross-Site Scripting in Gateway Firewall
CVSS 6.9
CVE-2025-22243 HIGH
VMware NSX Manager UI - Stored Cross-Site Scripting
CVSS 7.5
CVE-2025-20279 MEDIUM
Cisco Unified Contact Center Express - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2025-20273 MEDIUM
Cisco Unified Intelligent Contact Management Enterprise - XSS
CVSS 6.1
CVE-2025-29094 MEDIUM
Motivian Content Management System 41.0.0 - Stored Cross-Site Scripting in Marketing and Content Components
CVSS 6.1
CVE-2025-5584 LOW
PHPGurukul Hospital Management System 4.0 - XSS
CVSS 2.4
CVE-2025-27444 MEDIUM
RSform!Pro 3.0.0-3.3.13 for Joomla - XSS
CVSS 4.8
CVE-2025-5539 MEDIUM
WordPress WP Easy Contact <= 4.0.0 - Authenticated Stored XSS via emd_mb_meta Shortcode
CVSS 6.4
CVE-2025-5532 MEDIUM
WordPress - Faculty, Staff & Student Directory Plugin 1.9.0 - XSS
CVSS 6.4
CVE-2025-5531 MEDIUM
Employee Directory - Staff Listing & Team Directory Plugin for Word...
CVSS 6.4
CVE-2025-5543 LOW
TOTOLINK X2000R 1.0.0-B20230726.1108 - XSS
CVSS 2.4
CVE-2025-5542 LOW
TOTOLINK X2000R 1.0.0-B20230726.1108 - XSS
CVSS 2.4
CVE-2025-5523 LOW
enilu web-flash 1.0 - Cross-Site Scripting via File Upload Argument
CVSS 3.5
CVE-2025-5516 LOW
TOTOLINK X2000R 1.0.0-B20230726.1108 - XSS
CVSS 2.4
CVE-2025-5513 LOW
shiyi-blog < 1.2.1 - Stored Cross-Site Scripting via Comment Content Parameter
CVSS 3.5
Details
Vulnerabilities 45,155
Exploit Likelihood High