CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,165 vulnerabilities with CWE-79
CVE-2025-39509 MEDIUM
TNC FlipBook <= 12.1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-32180 MEDIUM
QuanticaLabs CSS3 Tooltips <1.8 - Info Disclosure
CVSS 6.5
CVE-2025-40632 MEDIUM
Icewarp Mail Server 11.4.0 - Stored Cross-Site Scripting via LastLogin Cookie
CVSS 6.1
CVE-2025-3516 MEDIUM
Simple Lightbox < 2.9.4 - Authenticated Stored Cross-Site Scripting via Unsanitized Attributes
CVSS 5.9
CVE-2025-3201 MEDIUM
kali_forms < 2.4.3 - Authenticated Stored Cross-Site Scripting via Unsanitized Settings
CVSS 5.9
CVE-2025-4745 LOW
Employee Record System 1.0 - Cross-Site Scripting via employeed_id/first_name/middle_name/last_name Parameters
CVSS 3.5
CVE-2025-4744 LOW
Employee Record System 1.0 - Cross-Site Scripting via employeed_id/first_name/middle_name/last_name Parameters
CVSS 3.5
CVE-2025-4169 MEDIUM
Posts per Cat [Unmaintained] <1.4.2 - XSS
CVSS 6.4
CVE-2025-47929 LOW
DumbDrop <db27b25372eb9071e63583d8faed2111a2b79f1b - XSS
CVE-2025-47786 MEDIUM
emlog 2.5.13 - Stored Cross-Site Scripting via perpage_num Parameter
CVSS 4.8
CVE-2025-1454 MEDIUM
Ninja Pages < 1.4.2 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 5.4
CVE-2025-1303 MEDIUM
Plugin Oficial < 1.8.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-1289 MEDIUM
Plugin Oficial WordPress <1.7.3 - XSS
CVSS 4.8
CVE-2025-1286 MEDIUM
Download HTML TinyMCE Button < 1.2 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-1033 MEDIUM
Badgearoo < 1.0.14 - Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2025-0688 MEDIUM
WordPress Spiritual Gifts Survey <0.9.10 - XSS
CVSS 6.1
CVE-2025-0687 MEDIUM
Spirituual Gifts Survey <0.9.10 - XSS
CVSS 6.1
CVE-2025-0329 MEDIUM
AI ChatBot for WordPress <6.2.4 - XSS
CVSS 4.8
CVE-2025-44110 MEDIUM
FluxBB 1.5.11 - Stored Cross-Site Scripting via Forum Description Field
CVSS 5.4
CVE-2025-1647 MEDIUM
Bootstrap 3.4.1-4.0.0 - Cross-Site Scripting
CVSS 5.6
CVE-2025-48051 MEDIUM
Lichess powertip.ts < 2025-03-27 - Cross-Site Scripting via innerHTML DOM Node Text Extraction
CVSS 4.7
CVE-2025-3440 MEDIUM
IBM Security Guardium 11.5 - Stored Cross-Site Scripting
CVSS 5.5
CVE-2025-44183 MEDIUM
Phpgurukul Vehicle Record Management System 1.0 - Stored Cross-Site Scripting via Profile Parameters
CVSS 6.1
CVE-2025-44182 MEDIUM
Phpgurukul Vehicle Record Management System 1.0 - Stored Cross-Site Scripting via Edit Vehicle Parameters
CVSS 6.1
CVE-2025-44181 MEDIUM
Phpgurukul Vehicle Record Management System 1.0 - Stored Cross-Site Scripting via Brand Name Parameter
CVSS 6.1
Details
Vulnerabilities 45,165
Exploit Likelihood High