CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,157 vulnerabilities with CWE-79
CVE-2025-5127 LOW
FLIR AX8 Firmware 1.46.0-1.46.16 - Cross-Site Scripting via /prod.php cmd Parameter
CVSS 3.5
CVE-2025-4223 MEDIUM
Page Builder: Pagelayer < 2.0.0 - Reflected Cross-Site Scripting via Login URL Parameter
CVSS 4.7
CVE-2025-5055 MEDIUM
Smart Forms < 2.6.98 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-3869 MEDIUM
4stats <= 2.0.9 - Cross-Site Request Forgery and Stored Cross-Site Scripting via Missing Nonce Validation
CVSS 6.1
CVE-2025-44998 MEDIUM
TinyFileManager 2.4.7 - Stored Cross-Site Scripting via js-theme-3 Parameter
CVSS 6.1
CVE-2025-48378 MEDIUM
DNN <9.13.9 - Cross-Site Scripting
CVSS 5.4
CVE-2025-48377 MEDIUM
DNN <9.13.9 - Cross-Site Scripting
CVSS 5.4
CVE-2025-43860 HIGH
OpenEMR < 7.0.3.4 - Authenticated Stored Cross-Site Scripting via Patient Demographics Address Fields
CVSS 7.6
CVE-2025-32794 HIGH
OpenEMR < 7.0.3.4 - Authenticated Stored Cross-Site Scripting via Patient Name Fields
CVSS 7.6
CVE-2025-48286 HIGH
catkin ReDi Restaurant Reservation <24.1209 - XSS
CVSS 7.1
CVE-2025-48245 HIGH
fullworks Quick Contact Form <8.2.1 - XSS
CVSS 7.1
CVE-2025-48241 HIGH
Verge3D <= 4.9.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-47680 HIGH
Michel - xiligroup dev xili-tidy-tags <1.12.06 - XSS
CVSS 7.1
CVE-2025-47678 HIGH
FunnelCockpit <= 1.4.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-47673 HIGH
Arconix Shortcodes <= 2.1.16 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-47618 HIGH
BMI Adult & Kid Calculator <1.2.2 - XSS
CVSS 7.1
CVE-2025-47613 HIGH
Mojoomla School Management <92.0.0 - XSS
CVSS 7.1
CVE-2025-47611 HIGH
Khaled User Meta <= 3.1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-47458 HIGH
B2i Investor Tools <= 1.0.7.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-46537 HIGH
Section Widget <= 3.3.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-46526 HIGH
My Custom Widgets <= 2.0.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-46518 MEDIUM
phpaddicted IGIT Related Posts With Thumb Image After Posts <4.5.3 ...
CVSS 6.5
CVE-2025-46515 HIGH
M A Vinoth Kumar Category Widget <2.0.2 - XSS
CVSS 7.1
CVE-2025-46493 MEDIUM
Wordwebsoftware Crossword Compiler Puzzles <5.3 - XSS
CVSS 6.5
CVE-2025-46487 HIGH
sftranna EC Authorize.net <0.3.3 - XSS
CVSS 7.1
Details
Vulnerabilities 45,157
Exploit Likelihood High