CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,165 vulnerabilities with CWE-79
CVE-2025-44180 MEDIUM
Phpgurukul Vehicle Record Management System 1.0 - Stored Cross-Site Scripting in Brand Edit Parameter
CVSS 6.1
CVE-2025-3742 MEDIUM
Responsive Lightbox & Gallery <2.5.1 - XSS
CVSS 6.8
CVE-2025-4591 MEDIUM
Weluka Lite <= 1.0.3 - Authenticated Stored Cross-Site Scripting via weluka-map Shortcode
CVSS 6.4
CVE-2025-4589 MEDIUM
Bon Toolkit <= 1.3.2 - Authenticated Stored Cross-Site Scripting via bt-map Shortcode
CVSS 6.4
CVE-2025-4579 HIGH
WP Content Security Plugin <2.4 - XSS
CVSS 7.2
CVE-2025-47783 MEDIUM
Label Studio < 1.18.0 - Stored Cross-Site Scripting via Projects Upload Example Endpoint
CVSS 6.1
CVE-2025-29691 MEDIUM
OA System < 2025-01-01 - Cross-Site Scripting via userName Parameter
CVSS 6.1
CVE-2025-29690 MEDIUM
OA System < 2025-01-01 - Cross-Site Scripting via outtype Parameter
CVSS 6.1
CVE-2025-29689 MEDIUM
OA System < 2025-01-01 - Cross-Site Scripting via Password Parameter
CVSS 6.1
CVE-2025-29688 MEDIUM
OA System < 2025-01-01 - Cross-Site Scripting via Title Parameter
CVSS 6.1
CVE-2025-29686 MEDIUM
OA System < 2025-01-01 - Cross-Site Scripting via Title Parameter
CVSS 6.1
CVE-2025-47885 HIGH
Jenkins Health Advisor by CloudBees < 374.v194b_d4f0c8c8 - Stored Cross-Site Scripting via Server Response
CVSS 8.8
CVE-2025-44024 MEDIUM
Pichome < 2.1.0 - Cross-Site Scripting via Login Form Input
CVSS 6.1
CVE-2025-33104 MEDIUM
IBM WebSphere App Server <9.0 - XSS
CVSS 4.4
CVE-2025-0133 LOW
PAN-OS 10.1.0-11.2.7 - Reflected Cross-Site Scripting in GlobalProtect Captive Portal
CVE-2025-46786 MEDIUM
Zoom Meeting SDK and Rooms < 6.4.0 - Authenticated Cross-Site Scripting
CVSS 4.3
CVE-2025-30664 MEDIUM
Zoom Meeting SDK and Workplace Apps < 6.4.0 - Authenticated Cross-Site Scripting
CVSS 6.6
CVE-2025-47705 MEDIUM
Drupal IFrame Remove Filter < 2.0.5 - Cross-Site Scripting
CVSS 6.1
CVE-2025-47704 MEDIUM
Drupal Klaro Cookie & Consent Management < 3.0.5 - Cross-Site Scripting
CVSS 6.1
CVE-2025-47703 MEDIUM
Drupal COOKiES Consent Management < 1.2.14 - Cross-Site Scripting
CVSS 6.1
CVE-2025-47702 MEDIUM
oembed_providers < 2.2.2 - Cross-Site Scripting
CVSS 6.1
CVE-2025-44184 MEDIUM
Best Employee Management System 1.0 - Stored Cross-Site Scripting via Profile Parameters
CVSS 4.8
CVE-2025-47777 CRITICAL
5ire < 0.11.1 - Stored Cross-Site Scripting and Remote Code Execution via Electron Protocol Handling
CVSS 9.6
CVE-2025-43567 CRITICAL
Adobe Connect < 12.9 - Reflected Cross-Site Scripting via Vulnerable Form Fields
CVSS 9.3
CVE-2025-30316 MEDIUM
Adobe Connect < 12.9 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
Details
Vulnerabilities 45,165
Exploit Likelihood High