CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,157 vulnerabilities with CWE-79
CVE-2025-4986 HIGH
Dassault Systmes Product Manager 3DEXPERIENCE R2022x-R2025x - Stored Cross-Site Scripting in Model Definition
CVSS 8.7
CVE-2025-4985 HIGH
Dassault Systmes Project Portfolio Manager R2022x-R2025x - Stored Cross-Site Scripting in Risk Management
CVSS 8.7
CVE-2025-4984 HIGH
Dassault Systmes City Referential Manager Release 3DEXPERIENCE R2025x - Stored Cross-Site Scripting
CVSS 8.7
CVE-2025-4983 HIGH
Dassault Systmes City Referential Manager Release 3DEXPERIENCE R2025x - Stored Cross-Site Scripting
CVSS 8.7
CVE-2025-0602 HIGH
Collaborative Industry Innovator <R2025x - XSS
CVSS 8.7
CVE-2025-4944 MEDIUM
LA-Studio Element Kit < 1.5.2 - Authenticated Stored XSS via Image Compare & Google Maps Widgets
CVSS 6.4
CVE-2025-1763 HIGH
GitLab 16.6-17.9.6, 17.10-17.10.4, 17.11 - Cross-Site Scripting and Content Security Policy Bypass
CVSS 8.7
CVE-2025-5235 MEDIUM
OpenSheetMusicDisplay < 1.4.0 - Authenticated Stored Cross-Site Scripting via className Parameter
CVSS 6.4
CVE-2025-5236 MEDIUM
NinjaTeam Chat for Telegram < 1.2 - Authenticated Stored Cross-Site Scripting via Username Parameter
CVSS 6.4
CVE-2025-4943 MEDIUM
LA-Studio Element Kit for Elementor <= 1.5.2 - Stored XSS via data-lakit-element-link
CVSS 6.4
CVE-2025-48875 MEDIUM
freescout < 1.8.181 - Stored Cross-Site Scripting via Profile Name Fields
CVSS 5.4
CVE-2025-48489 MEDIUM
FreeScout < 1.8.180 - Cross-Site Scripting
CVSS 4.8
CVE-2025-48488 MEDIUM
freescout < 1.8.180 - Stored Cross-Site Scripting via .htaccess Deletion and HTML File Upload
CVSS 5.4
CVE-2025-48487 MEDIUM
FreeScout < 1.8.180 - Stored Cross-Site Scripting via Flash Message Translation
CVSS 4.8
CVE-2025-48486 MEDIUM
FreeScout < 1.8.180 - Cross-Site Scripting via Session Flash and Translation Functions
CVSS 5.4
CVE-2025-48485 MEDIUM
freescout < 1.8.180 - Authenticated Stored Cross-Site Scripting via Customer Profile Update
CVSS 5.4
CVE-2025-41406 MEDIUM
wivia 5 Firmware - Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-5259 MEDIUM
Minimal Share Buttons <= 1.7.3 - Authenticated Stored Cross-Site Scripting via Align Parameter
CVSS 6.4
CVE-2025-4429 MEDIUM
Gearside Developer Dashboard < 1.0.72 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-48484 MEDIUM
freescout < 1.8.178 - Stored Cross-Site Scripting via Conversation POST Data Body
CVSS 5.4
CVE-2025-48483 MEDIUM
FreeScout < 1.8.180 - Stored Cross-Site Scripting and Cross-Site Request Forgery via Mail Signature
CVSS 5.4
CVE-2025-47933 CRITICAL
Argo CD < 2.13.8, 2.14.13, 3.0.4 - Cross-Site Scripting via Repository Page URL Protocol
CVSS 9.0
CVE-2025-5286 MEDIUM
Bold Page Builder <= 5.3.6 - Authenticated Stored Cross-Site Scripting via Additional Settings Parameter
CVSS 6.4
CVE-2025-5122 MEDIUM
Map Block Leaflet plugin <3.2.1 - XSS
CVSS 6.4
CVE-2025-4670 MEDIUM
Easy Digital Downloads <3.3.8.1 - XSS
CVSS 6.4
Details
Vulnerabilities 45,157
Exploit Likelihood High