CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,165 vulnerabilities with CWE-79
CVE-2025-30315 MEDIUM
Adobe Connect < 12.9 - Stored Cross-Site Scripting via Form Field Injection
CVSS 6.1
CVE-2025-30314 MEDIUM
Adobe Connect < 12.9 - Stored Cross-Site Scripting via Form Field Injection
CVSS 6.1
CVE-2025-4647 HIGH
Centreon Web 22.10.0-22.10.29 - Reflected Cross-Site Scripting via SVG Content Replacement
CVSS 8.4
CVE-2025-22249 HIGH
VMware Aria Automation - DOM-Based Cross-Site Scripting via Crafted Payload URL
CVSS 8.2
CVE-2025-43006 MEDIUM
SAP Supplier Relationship Management - XSS
CVSS 6.1
CVE-2025-30009 MEDIUM
SAP Supplier Relationship Management - XSS
CVSS 6.1
CVE-2025-26662 MEDIUM
Data Services Management Console - XSS
CVSS 4.4
CVE-2025-46825 MEDIUM
Kanboard 1.2.26-1.2.44 - Stored Cross-Site Scripting via Project Creation Name Parameter
CVSS 5.4
CVE-2025-24225 MEDIUM
iPadOS < 17.7.7 and < 18.5 - Cross-Site Scripting via Email Processing
CVSS 6.5
CVE-2025-46749 MEDIUM
SEL Blueframe OS < 1.10.0 - Authenticated Stored Cross-Site Scripting
CVSS 4.3
CVE-2025-47578 MEDIUM
Edward Caissie BNS Twitter Follow Button <0.3.8 - XSS
CVSS 6.5
CVE-2025-46611 MEDIUM
ARTEC EMA Mail 6.92 - Cross-Site Scripting via Crafted Script
CVSS 6.1
CVE-2025-26841 MEDIUM
Everest Forms < 3.0.9 - Cross-Site Scripting via File Upload
CVSS 6.1
CVE-2025-40627 MEDIUM
AbanteCart 1.4.0 - Reflected Cross-Site Scripting via /eyes Parameter
CVSS 6.1
CVE-2025-40626 MEDIUM
AbanteCart 1.4.0 - Reflected Cross-Site Scripting via About Us Page Parameter
CVSS 6.1
CVE-2025-46729 LOW
julmud/phpDVDProfiler <20250511 - XSS
CVE-2025-41393 MEDIUM
Ricoh and KONICA MINOLTA Web Image Monitor - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-3649 MEDIUM
LightPress Lightbox < 2.3.4 - Authenticated Stored Cross-Site Scripting via Download Link
CVSS 6.8
CVE-2025-4551 LOW
ContiNew Admin < 3.6.0 - Stored Cross-Site Scripting via /dev-api/common/file File Parameter
CVSS 3.5
CVE-2025-4547 LOW
Web-based Pharmacy Product Management System 1.0 - Stored Cross-Site Scripting in Add User Page
CVSS 2.4
CVE-2025-47828 MEDIUM
Lumieducation H5p-server < 9.3.3 - XSS
CVSS 6.4
CVE-2025-4512 MEDIUM
Inetum IODAS 7.2-LTS.4.1-JDK7/7.2-RC3.2-JDK7 - XSS
CVSS 4.3
CVE-2025-3878 MEDIUM
SMS Alert Order Notifications < 3.8.1 - Authenticated Stored Cross-Site Scripting via sa_verify Shortcode
CVSS 6.4
CVE-2025-2944 MEDIUM
Jeg Elementor Kit <= 2.6.12 - Authenticated Stored Cross-Site Scripting via Video Button and Countdown Widgets
CVSS 6.4
CVE-2025-4495 LOW
JAdmin 1.0 - Cross-Site Scripting via /memoAjax/save ID Parameter
CVSS 3.5
Details
Vulnerabilities 45,165
Exploit Likelihood High