CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,165 vulnerabilities with CWE-79
CVE-2025-44180
MEDIUM
Phpgurukul Vehicle Record Management System 1.0 - Stored Cross-Site Scripting in Brand Edit Parameter
CVSS 6.1
CVE-2025-3742
MEDIUM
Responsive Lightbox & Gallery <2.5.1 - XSS
CVSS 6.8
CVE-2025-4591
MEDIUM
Weluka Lite <= 1.0.3 - Authenticated Stored Cross-Site Scripting via weluka-map Shortcode
CVSS 6.4
CVE-2025-4589
MEDIUM
Bon Toolkit <= 1.3.2 - Authenticated Stored Cross-Site Scripting via bt-map Shortcode
CVSS 6.4
CVE-2025-4579
HIGH
WP Content Security Plugin <2.4 - XSS
CVSS 7.2
CVE-2025-47783
MEDIUM
Label Studio < 1.18.0 - Stored Cross-Site Scripting via Projects Upload Example Endpoint
CVSS 6.1
CVE-2025-29691
MEDIUM
OA System < 2025-01-01 - Cross-Site Scripting via userName Parameter
CVSS 6.1
CVE-2025-29690
MEDIUM
OA System < 2025-01-01 - Cross-Site Scripting via outtype Parameter
CVSS 6.1
CVE-2025-29689
MEDIUM
OA System < 2025-01-01 - Cross-Site Scripting via Password Parameter
CVSS 6.1
CVE-2025-29688
MEDIUM
OA System < 2025-01-01 - Cross-Site Scripting via Title Parameter
CVSS 6.1
CVE-2025-29686
MEDIUM
OA System < 2025-01-01 - Cross-Site Scripting via Title Parameter
CVSS 6.1
CVE-2025-47885
HIGH
Jenkins Health Advisor by CloudBees < 374.v194b_d4f0c8c8 - Stored Cross-Site Scripting via Server Response
CVSS 8.8
CVE-2025-44024
MEDIUM
Pichome < 2.1.0 - Cross-Site Scripting via Login Form Input
CVSS 6.1
CVE-2025-33104
MEDIUM
IBM WebSphere App Server <9.0 - XSS
CVSS 4.4
CVE-2025-0133
LOW
PAN-OS 10.1.0-11.2.7 - Reflected Cross-Site Scripting in GlobalProtect Captive Portal
CVE-2025-46786
MEDIUM
Zoom Meeting SDK and Rooms < 6.4.0 - Authenticated Cross-Site Scripting
CVSS 4.3
CVE-2025-30664
MEDIUM
Zoom Meeting SDK and Workplace Apps < 6.4.0 - Authenticated Cross-Site Scripting
CVSS 6.6
CVE-2025-47705
MEDIUM
Drupal IFrame Remove Filter < 2.0.5 - Cross-Site Scripting
CVSS 6.1
CVE-2025-47704
MEDIUM
Drupal Klaro Cookie & Consent Management < 3.0.5 - Cross-Site Scripting
CVSS 6.1
CVE-2025-47703
MEDIUM
Drupal COOKiES Consent Management < 1.2.14 - Cross-Site Scripting
CVSS 6.1
CVE-2025-47702
MEDIUM
oembed_providers < 2.2.2 - Cross-Site Scripting
CVSS 6.1
CVE-2025-44184
MEDIUM
Best Employee Management System 1.0 - Stored Cross-Site Scripting via Profile Parameters
CVSS 4.8
CVE-2025-47777
CRITICAL
5ire < 0.11.1 - Stored Cross-Site Scripting and Remote Code Execution via Electron Protocol Handling
CVSS 9.6
CVE-2025-43567
CRITICAL
Adobe Connect < 12.9 - Reflected Cross-Site Scripting via Vulnerable Form Fields
CVSS 9.3
CVE-2025-30316
MEDIUM
Adobe Connect < 12.9 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
Details
Vulnerabilities
45,165
Exploit Likelihood
High