CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,157 vulnerabilities with CWE-79
CVE-2025-4986
HIGH
Dassault Systmes Product Manager 3DEXPERIENCE R2022x-R2025x - Stored Cross-Site Scripting in Model Definition
CVSS 8.7
CVE-2025-4985
HIGH
Dassault Systmes Project Portfolio Manager R2022x-R2025x - Stored Cross-Site Scripting in Risk Management
CVSS 8.7
CVE-2025-4984
HIGH
Dassault Systmes City Referential Manager Release 3DEXPERIENCE R2025x - Stored Cross-Site Scripting
CVSS 8.7
CVE-2025-4983
HIGH
Dassault Systmes City Referential Manager Release 3DEXPERIENCE R2025x - Stored Cross-Site Scripting
CVSS 8.7
CVE-2025-0602
HIGH
Collaborative Industry Innovator <R2025x - XSS
CVSS 8.7
CVE-2025-4944
MEDIUM
LA-Studio Element Kit < 1.5.2 - Authenticated Stored XSS via Image Compare & Google Maps Widgets
CVSS 6.4
CVE-2025-1763
HIGH
GitLab 16.6-17.9.6, 17.10-17.10.4, 17.11 - Cross-Site Scripting and Content Security Policy Bypass
CVSS 8.7
CVE-2025-5235
MEDIUM
OpenSheetMusicDisplay < 1.4.0 - Authenticated Stored Cross-Site Scripting via className Parameter
CVSS 6.4
CVE-2025-5236
MEDIUM
NinjaTeam Chat for Telegram < 1.2 - Authenticated Stored Cross-Site Scripting via Username Parameter
CVSS 6.4
CVE-2025-4943
MEDIUM
LA-Studio Element Kit for Elementor <= 1.5.2 - Stored XSS via data-lakit-element-link
CVSS 6.4
CVE-2025-48875
MEDIUM
freescout < 1.8.181 - Stored Cross-Site Scripting via Profile Name Fields
CVSS 5.4
CVE-2025-48489
MEDIUM
FreeScout < 1.8.180 - Cross-Site Scripting
CVSS 4.8
CVE-2025-48488
MEDIUM
freescout < 1.8.180 - Stored Cross-Site Scripting via .htaccess Deletion and HTML File Upload
CVSS 5.4
CVE-2025-48487
MEDIUM
FreeScout < 1.8.180 - Stored Cross-Site Scripting via Flash Message Translation
CVSS 4.8
CVE-2025-48486
MEDIUM
FreeScout < 1.8.180 - Cross-Site Scripting via Session Flash and Translation Functions
CVSS 5.4
CVE-2025-48485
MEDIUM
freescout < 1.8.180 - Authenticated Stored Cross-Site Scripting via Customer Profile Update
CVSS 5.4
CVE-2025-41406
MEDIUM
wivia 5 Firmware - Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-5259
MEDIUM
Minimal Share Buttons <= 1.7.3 - Authenticated Stored Cross-Site Scripting via Align Parameter
CVSS 6.4
CVE-2025-4429
MEDIUM
Gearside Developer Dashboard < 1.0.72 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-48484
MEDIUM
freescout < 1.8.178 - Stored Cross-Site Scripting via Conversation POST Data Body
CVSS 5.4
CVE-2025-48483
MEDIUM
FreeScout < 1.8.180 - Stored Cross-Site Scripting and Cross-Site Request Forgery via Mail Signature
CVSS 5.4
CVE-2025-47933
CRITICAL
Argo CD < 2.13.8, 2.14.13, 3.0.4 - Cross-Site Scripting via Repository Page URL Protocol
CVSS 9.0
CVE-2025-5286
MEDIUM
Bold Page Builder <= 5.3.6 - Authenticated Stored Cross-Site Scripting via Additional Settings Parameter
CVSS 6.4
CVE-2025-5122
MEDIUM
Map Block Leaflet plugin <3.2.1 - XSS
CVSS 6.4
CVE-2025-4670
MEDIUM
Easy Digital Downloads <3.3.8.1 - XSS
CVSS 6.4
Details
Vulnerabilities
45,157
Exploit Likelihood
High