CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,157 vulnerabilities with CWE-79
CVE-2025-4583 MEDIUM
Smash Balloon Social Photo Feed - Stored XSS
CVSS 5.4
CVE-2025-27706 LOW
Absolute Secure Access < 13.54 - Authenticated Stored Cross-Site Scripting in Management Console
CVSS 3.4
CVE-2025-31501 HIGH
Request Tracker 4.4.0-4.4.8 - Cross-Site Scripting via RT Permalink
CVSS 7.2
CVE-2025-31500 HIGH
Request Tracker 5.0-5.0.7 - Cross-Site Scripting via Asset Name
CVSS 7.2
CVE-2025-30087 HIGH
Best Practical RT <4.4.7, 5.0.7 - XSS
CVSS 7.2
CVE-2025-1461 MEDIUM
Vuetify 2.0.0-2.99.9 - Cross-Site Scripting in VCalendar eventMoreText Property
CVSS 5.6
CVE-2025-40651 MEDIUM
Real Easy Store - Reflected Cross-Site Scripting via Search Keyword Parameter
CVE-2025-4963 MEDIUM
The Ultimate WordPress Toolkit - WP Extended <= 3.0.15 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2025-5082 MEDIUM
WP Attachments <= 5.0.12 - Unauthenticated Reflected Cross-Site Scripting via attachment_id Parameter
CVSS 6.1
CVE-2025-5198 MEDIUM
Red Hat Advanced Cluster Security - Stored Cross-Site Scripting via Kubernetes Role Name
CVSS 5.0
CVE-2025-46173 MEDIUM
Online Exam Mastering System 1.0 - Stored Cross-Site Scripting via Feedback Form Name Field
CVSS 6.1
CVE-2025-3704 MEDIUM
DBAR Productions Volunteer Sign Up Sheets <5.5.5 - XSS
CVSS 5.9
CVE-2025-4682 MEDIUM
Essential Blocks < 5.4.0 - Authenticated Stored Cross-Site Scripting via Slider and Post Carousel Widgets
CVSS 6.4
CVE-2025-4783 MEDIUM
Exclusive Addons for Elementor <= 2.7.9.1 - Authenticated Stored Cross-Site Scripting via Countdown Timer Widget
CVSS 6.4
CVE-2025-40663 MEDIUM
i2A Cronos 23.02.01.17 - Authenticated Stored Cross-Site Scripting via SVG Image Upload
CVE-2025-40652 MEDIUM
CoverManager - Stored Cross-Site Scripting
CVE-2025-5181 LOW
Summer Pearl Group Vacation Rental Management Platform < 1.0.2 - Cross-Site Scripting via spgLsTitle Parameter
CVSS 3.5
CVE-2025-5179 LOW
Realce Tecnologia Queue Ticket Kiosk < 2025-05-17 - Cross-Site Scripting via Name/Usurio Argument
CVSS 2.4
CVE-2025-5177 MEDIUM
Realce Tecnologia Queue Ticket Kiosk < 2025-05-17 - Cross-Site Scripting via Admin Login Page Usurio Parameter
CVSS 4.3
CVE-2025-1985 MEDIUM
Pepperl+Fuchs Profinet Gateway FB8122A.1.EL and LB8122A.1.EL < V1.3.13 - Stored XSS in Web-UI
CVSS 6.1
CVE-2025-5153 LOW
CMS Made Simple 2.2.21 - Cross-Site Scripting in Design Manager Module
CVSS 3.5
CVE-2025-5138 LOW
Bitwarden < 2.25.1 - Cross-Site Scripting in PDF File Handler
CVSS 3.5
CVE-2025-5135 LOW
Tmall Demo < 2025-05-05 - Cross-Site Scripting via Product Name/Product Title
CVSS 2.4
CVE-2025-5134 LOW
Tmall Demo < 2025-05-05 - Cross-Site Scripting via Buy Item Page Detailed Address Parameter
CVSS 3.5
CVE-2025-5133 MEDIUM
Tmall Demo < 2025-05-05 - Cross-Site Scripting in Search Box
CVSS 4.3
Details
Vulnerabilities 45,157
Exploit Likelihood High