CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,155 vulnerabilities with CWE-79
CVE-2025-5420
LOW
juzaweb CMS <= 3.4.2 - Cross-Site Scripting via File Manager Upload
CVSS 3.5
CVE-2025-5412
LOW
Mist Community Edition < 4.7.2 - Cross-Site Scripting via Login Return_To Parameter
CVSS 3.5
CVE-2025-5411
LOW
Mist Community Edition < 4.7.2 - Cross-Site Scripting via Tag Argument in tag_resources Function
CVSS 3.5
CVE-2025-5407
LOW
chaitak-gorai Blogbook - Stored Cross-Site Scripting via Fullname Parameter
CVSS 2.4
CVE-2025-5405
LOW
chaitak-gorai Blogbook < 2021-11-22 - Stored Cross-Site Scripting via Comment Functionality
CVSS 3.5
CVE-2025-2896
MEDIUM
IBM Planning Analytics Local 2.0 and 2.1 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2025-25044
MEDIUM
IBM Planning Analytics Local <2.2 - XSS
CVSS 5.4
CVE-2025-5383
LOW
Yifang CMS < 2.0.2 - Cross-Site Scripting in Article Management Module
CVSS 2.4
CVE-2025-5378
MEDIUM
Astun Technology iShare Maps 5.4.0 - Cross-Site Scripting via atTxtStreet Parameter
CVSS 4.3
CVE-2025-5377
MEDIUM
Astun Technology iShare Maps 5.4.0 - Cross-Site Scripting via historic1.asp Zoom Parameter
CVSS 4.3
CVE-2025-5290
MEDIUM
Borderless Elementor Addons & Templates 1.7.1 - XSS
CVSS 6.4
CVE-2025-3813
MEDIUM
Royal Elementor Addons <= 1.7.1020 - Authenticated Stored XSS via _elementor_data
CVSS 6.4
CVE-2025-5292
MEDIUM
Element Pack Addons for Elementor <5.11.2 - XSS
CVSS 6.4
CVE-2025-5285
MEDIUM
Product Subtitle for WooCommerce <= 1.3.9 - Authenticated Stored Cross-Site Scripting via htmlTag Parameter
CVSS 6.4
CVE-2025-4595
MEDIUM
FastSpring <= 3.0.1 - Authenticated Stored Cross-Site Scripting via Block Color Attribute
CVSS 6.4
CVE-2025-4590
MEDIUM
WordPress prijsvergelijkers <4.8.4 - XSS
CVSS 6.4
CVE-2025-5016
MEDIUM
Relevanssi - A Better Search <4.24.5, 2.27.6 - XSS
CVSS 4.7
CVE-2025-48883
MEDIUM
chrome-php/chrome < 1.14.0 - Cross-Site Scripting via CSS Selector Expression
CVE-2025-4992
HIGH
Service Process Engineer <R2025x - XSS
CVSS 8.7
CVE-2025-4991
HIGH
Dassault Systmes Collaborative Industry Innovator R2022x-R2025x - Stored Cross-Site Scripting in 3D Markup
CVSS 8.7
CVE-2025-4990
HIGH
Dassault Systmes Product Manager 3DEXPERIENCE R2022x-R2025x - Stored Cross-Site Scripting in Change Governance
CVSS 8.7
CVE-2025-4989
HIGH
Dassault Systmes Product Manager R2022x-R2025x - Stored Cross-Site Scripting in Requirements
CVSS 8.7
CVE-2025-4988
HIGH
Multidisciplinary Optimization Engineer <R2024x - XSS
CVSS 8.7
CVE-2025-4986
HIGH
Dassault Systmes Product Manager 3DEXPERIENCE R2022x-R2025x - Stored Cross-Site Scripting in Model Definition
CVSS 8.7
CVE-2025-4985
HIGH
Dassault Systmes Project Portfolio Manager R2022x-R2025x - Stored Cross-Site Scripting in Risk Management
CVSS 8.7
Details
Vulnerabilities
45,155
Exploit Likelihood
High