CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,155 vulnerabilities with CWE-79
CVE-2025-5713
LOW
Isolucoesweb Solucoescoop < 2025-05-19 - Code Injection
CVSS 3.5
CVE-2025-5661
LOW
Traffic Offense Reporting System 1.0 - Cross-Site Scripting via site_name Parameter in Setting Handler
CVSS 2.4
CVE-2025-30084
MEDIUM
RSMail! 1.19.20-1.22.26 - Stored Cross-Site Scripting in Dashboard Component
CVSS 6.1
CVE-2025-27754
MEDIUM
RSBlog! 1.11.6-1.14.4 - Authenticated Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-5341
MEDIUM
Forminator Forms < 1.44.1 - Authenticated Stored Cross-Site Scripting via 'id' and 'data-size' Parameters
CVSS 6.4
CVE-2025-5651
LOW
Traffic Offense Reporting System 1.0 - Cross-Site Scripting via saveuser.php User Input
CVSS 3.5
CVE-2025-5628
LOW
SourceCodester Food Menu Manager 1.0 - Cross-Site Scripting via Add Menu Handler
CVSS 3.5
CVE-2025-32015
MEDIUM
FreshRSS < 1.26.2 - Cross-Site Scripting via Iframe Srcdoc Attribute
CVSS 6.7
CVE-2025-31136
MEDIUM
FreshRSS < 1.26.2 - Stored Cross-Site Scripting via SVG Favicon in Feed
CVSS 6.7
CVE-2025-22245
MEDIUM
VMware NSX 3.2-4.1.2.5 - Stored Cross-Site Scripting in Router Port
CVSS 5.9
CVE-2025-22244
MEDIUM
VMware NSX - Stored Cross-Site Scripting in Gateway Firewall
CVSS 6.9
CVE-2025-22243
HIGH
VMware NSX Manager UI - Stored Cross-Site Scripting
CVSS 7.5
CVE-2025-20279
MEDIUM
Cisco Unified Contact Center Express - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2025-20273
MEDIUM
Cisco Unified Intelligent Contact Management Enterprise - XSS
CVSS 6.1
CVE-2025-29094
MEDIUM
Motivian Content Management System 41.0.0 - Stored Cross-Site Scripting in Marketing and Content Components
CVSS 6.1
CVE-2025-5584
LOW
PHPGurukul Hospital Management System 4.0 - XSS
CVSS 2.4
CVE-2025-27444
MEDIUM
RSform!Pro 3.0.0-3.3.13 for Joomla - XSS
CVSS 4.8
CVE-2025-5539
MEDIUM
WordPress WP Easy Contact <= 4.0.0 - Authenticated Stored XSS via emd_mb_meta Shortcode
CVSS 6.4
CVE-2025-5532
MEDIUM
WordPress - Faculty, Staff & Student Directory Plugin 1.9.0 - XSS
CVSS 6.4
CVE-2025-5531
MEDIUM
Employee Directory - Staff Listing & Team Directory Plugin for Word...
CVSS 6.4
CVE-2025-5543
LOW
TOTOLINK X2000R 1.0.0-B20230726.1108 - XSS
CVSS 2.4
CVE-2025-5542
LOW
TOTOLINK X2000R 1.0.0-B20230726.1108 - XSS
CVSS 2.4
CVE-2025-5523
LOW
enilu web-flash 1.0 - Cross-Site Scripting via File Upload Argument
CVSS 3.5
CVE-2025-5516
LOW
TOTOLINK X2000R 1.0.0-B20230726.1108 - XSS
CVSS 2.4
CVE-2025-5513
LOW
shiyi-blog < 1.2.1 - Stored Cross-Site Scripting via Comment Content Parameter
CVSS 3.5
Details
Vulnerabilities
45,155
Exploit Likelihood
High