CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,157 vulnerabilities with CWE-79
CVE-2025-45754 MEDIUM
SeedDMS 6.0.32 - Stored Cross-Site Scripting via Document Name
CVSS 5.4
CVE-2025-20250 MEDIUM
Cisco Webex Meetings - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-20247 MEDIUM
Cisco Webex Meetings - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-20246 MEDIUM
Cisco Webex Meetings - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2025-48206 MEDIUM
ns_backup < 13.0.1 - Cross-Site Scripting
CVSS 6.1
CVE-2025-48203 MEDIUM
cs_seo 6.3.0-6.7.9, 7.0.0-7.4.9, 8.0.0-8.3.9, 9.0.0-9.2.0 - Cross-Site Scripting
CVSS 6.4
CVE-2025-1420 LOW
Proget < 2.17.5 - Stored Cross-Site Scripting in Activation Message Field
CVE-2025-1419 LOW
Proget < 2.17.5 - Stored Cross-Site Scripting in Comment Section
CVE-2025-4611 MEDIUM
Slim SEO - Fast & Automated WordPress SEO Plugin <4.5.3 - XSS
CVSS 6.4
CVE-2025-4221 MEDIUM
Animated Buttons <= 1.0.0 - Authenticated Stored Cross-Site Scripting via Auto-Downloader Shortcode
CVSS 6.4
CVE-2025-4219 MEDIUM
DPEPress <= 0.3 - Authenticated Stored Cross-Site Scripting via 'dpe' Shortcode
CVSS 6.4
CVE-2025-4217 MEDIUM
WP YouTube Video Optimizer <1.2 - XSS
CVSS 6.4
CVE-2025-3781 MEDIUM
Raisely Donation Form <= 1.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-3750 MEDIUM
Network Posts Extended <7.7.1 - XSS
CVSS 6.4
CVE-2025-5013 MEDIUM
HkCms <= 2.3.2.240702 - Cross-Site Scripting via Search Keyword Parameter
CVSS 4.3
CVE-2025-5011 LOW
moonlightl hexo-boot 4.3.0 - Cross-Site Scripting in Dynamic List Page
CVSS 2.4
CVE-2025-5010 LOW
moonlightl hexo-boot 4.3.0 - Cross-Site Scripting via Description Argument
CVSS 2.4
CVE-2025-5007 LOW
Part-DB < 1.17.0 - Cross-Site Scripting via Profile Picture Attachment Upload
CVSS 3.5
CVE-2025-4996 LOW
Intelbras RF 301K 1.1.5 - Cross-Site Scripting via Add Static IP Description Parameter
CVSS 2.4
CVE-2025-47853 MEDIUM
JetBrains TeamCity < 2025.03.2 - Stored Cross-Site Scripting via Jira Integration
CVSS 4.8
CVE-2025-47852 MEDIUM
JetBrains TeamCity < 2025.03.2 - Stored Cross-Site Scripting via YouTrack Integration
CVSS 4.8
CVE-2025-47851 MEDIUM
JetBrains TeamCity < 2025.03.2 - Stored Cross-Site Scripting via GitHub Checks Webhook
CVSS 4.8
CVE-2025-41228 MEDIUM
VMware vCenter Server 8.0-8.0 U3e and Cloud Foundation 4.5.x-5.x - Reflected Cross-Site Scripting
CVSS 4.3
CVE-2025-40633 MEDIUM
Koibox < e8cbce2 - Authenticated Stored Cross-Site Scripting via Profile Picture Upload
CVE-2025-4951 MEDIUM
Rapid7 AppSpider Pro < 7.5.018 - Stored Cross-Site Scripting via ScanName Field Configuration Bypass
CVSS 4.6
Details
Vulnerabilities 45,157
Exploit Likelihood High