CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,155 vulnerabilities with CWE-79
CVE-2025-5420 LOW
juzaweb CMS <= 3.4.2 - Cross-Site Scripting via File Manager Upload
CVSS 3.5
CVE-2025-5412 LOW
Mist Community Edition < 4.7.2 - Cross-Site Scripting via Login Return_To Parameter
CVSS 3.5
CVE-2025-5411 LOW
Mist Community Edition < 4.7.2 - Cross-Site Scripting via Tag Argument in tag_resources Function
CVSS 3.5
CVE-2025-5407 LOW
chaitak-gorai Blogbook - Stored Cross-Site Scripting via Fullname Parameter
CVSS 2.4
CVE-2025-5405 LOW
chaitak-gorai Blogbook < 2021-11-22 - Stored Cross-Site Scripting via Comment Functionality
CVSS 3.5
CVE-2025-2896 MEDIUM
IBM Planning Analytics Local 2.0 and 2.1 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2025-25044 MEDIUM
IBM Planning Analytics Local <2.2 - XSS
CVSS 5.4
CVE-2025-5383 LOW
Yifang CMS < 2.0.2 - Cross-Site Scripting in Article Management Module
CVSS 2.4
CVE-2025-5378 MEDIUM
Astun Technology iShare Maps 5.4.0 - Cross-Site Scripting via atTxtStreet Parameter
CVSS 4.3
CVE-2025-5377 MEDIUM
Astun Technology iShare Maps 5.4.0 - Cross-Site Scripting via historic1.asp Zoom Parameter
CVSS 4.3
CVE-2025-5290 MEDIUM
Borderless Elementor Addons & Templates 1.7.1 - XSS
CVSS 6.4
CVE-2025-3813 MEDIUM
Royal Elementor Addons <= 1.7.1020 - Authenticated Stored XSS via _elementor_data
CVSS 6.4
CVE-2025-5292 MEDIUM
Element Pack Addons for Elementor <5.11.2 - XSS
CVSS 6.4
CVE-2025-5285 MEDIUM
Product Subtitle for WooCommerce <= 1.3.9 - Authenticated Stored Cross-Site Scripting via htmlTag Parameter
CVSS 6.4
CVE-2025-4595 MEDIUM
FastSpring <= 3.0.1 - Authenticated Stored Cross-Site Scripting via Block Color Attribute
CVSS 6.4
CVE-2025-4590 MEDIUM
WordPress prijsvergelijkers <4.8.4 - XSS
CVSS 6.4
CVE-2025-5016 MEDIUM
Relevanssi - A Better Search <4.24.5, 2.27.6 - XSS
CVSS 4.7
CVE-2025-48883 MEDIUM
chrome-php/chrome < 1.14.0 - Cross-Site Scripting via CSS Selector Expression
CVE-2025-4992 HIGH
Service Process Engineer <R2025x - XSS
CVSS 8.7
CVE-2025-4991 HIGH
Dassault Systmes Collaborative Industry Innovator R2022x-R2025x - Stored Cross-Site Scripting in 3D Markup
CVSS 8.7
CVE-2025-4990 HIGH
Dassault Systmes Product Manager 3DEXPERIENCE R2022x-R2025x - Stored Cross-Site Scripting in Change Governance
CVSS 8.7
CVE-2025-4989 HIGH
Dassault Systmes Product Manager R2022x-R2025x - Stored Cross-Site Scripting in Requirements
CVSS 8.7
CVE-2025-4988 HIGH
Multidisciplinary Optimization Engineer <R2024x - XSS
CVSS 8.7
CVE-2025-4986 HIGH
Dassault Systmes Product Manager 3DEXPERIENCE R2022x-R2025x - Stored Cross-Site Scripting in Model Definition
CVSS 8.7
CVE-2025-4985 HIGH
Dassault Systmes Project Portfolio Manager R2022x-R2025x - Stored Cross-Site Scripting in Risk Management
CVSS 8.7
Details
Vulnerabilities 45,155
Exploit Likelihood High