CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,169 vulnerabilities with CWE-79
CVE-2025-4512 MEDIUM
Inetum IODAS 7.2-LTS.4.1-JDK7/7.2-RC3.2-JDK7 - XSS
CVSS 4.3
CVE-2025-3878 MEDIUM
SMS Alert Order Notifications < 3.8.1 - Authenticated Stored Cross-Site Scripting via sa_verify Shortcode
CVSS 6.4
CVE-2025-2944 MEDIUM
Jeg Elementor Kit <= 2.6.12 - Authenticated Stored Cross-Site Scripting via Video Button and Countdown Widgets
CVSS 6.4
CVE-2025-4495 LOW
JAdmin 1.0 - Cross-Site Scripting via /memoAjax/save ID Parameter
CVSS 3.5
CVE-2025-3794 MEDIUM
WPForms < 1.9.5 - Authenticated Stored Cross-Site Scripting via start_timestamp Parameter
CVSS 5.4
CVE-2025-4470 LOW
Online Student Clearance System 1.0 - Cross-Site Scripting via Fullname Parameter
CVSS 2.4
CVE-2025-4469 LOW
Online Student Clearance System 1.0 - Cross-Site Scripting via Admin Add Form Parameters
CVSS 2.4
CVE-2025-4461 LOW
TOTOLINK N150RT 3.4.0-B20190525 - Cross-Site Scripting in Virtual Server Page
CVSS 2.4
CVE-2025-4460 LOW
TOTOLINK N150RT 3.4.0-B20190525 - Cross-Site Scripting in URL Filtering Page
CVSS 2.4
CVE-2025-28074 MEDIUM
phplist < 3.6.15 - Cross-Site Scripting in lt.php
CVSS 6.1
CVE-2025-46812 LOW
Trix < 2.1.15 - Stored Cross-Site Scripting via Pasting Malicious Code
CVE-2025-28073 MEDIUM
phplist < 3.6.15 - Reflected Cross-Site Scripting via /lists/dl.php id Parameter
CVSS 6.1
CVE-2025-43926 MEDIUM
Znuny < 6.5.14 and 7.x < 7.1.6 - Cross-Site Scripting via AgentPreferences UpdateAJAX
CVSS 6.1
CVE-2025-3862 MEDIUM
Contest Gallery < 26.0.6 - Authenticated Stored Cross-Site Scripting via ID Parameter
CVSS 6.4
CVE-2025-3468 MEDIUM
NEX-Forms < 8.9.1 - Authenticated Stored Cross-Site Scripting via clean_html and form_fields Parameters
CVSS 6.4
CVE-2025-2806 MEDIUM
tagDiv Composer < 5.3 - Unauthenticated Reflected Cross-Site Scripting via Data Parameter
CVSS 6.1
CVE-2025-4127 MEDIUM
WP SEO Structured Data Schema <= 2.7.11 - Authenticated Stored Cross-Site Scripting via Price Range Parameter
CVSS 6.4
CVE-2025-45388 MEDIUM
Wagtail CMS 6.4.1 - Stored Cross-Site Scripting via Document Upload
CVSS 6.1
CVE-2025-29746 MEDIUM
Koillection < 1.6.12 - Cross-Site Scripting via Collection, Wishlist, and Album Components
CVSS 6.1
CVE-2025-46824 LOW
Discourse Code Review Plugin <eed3a80 - XSS
CVSS 3.1
CVE-2025-20147 MEDIUM
Cisco Catalyst SD-WAN Manager - XSS
CVSS 5.4
CVE-2025-46827 HIGH
Graylog <6.0.14-6.2.0 - Info Disclosure
CVSS 8.0
CVE-2025-47686 MEDIUM
DELUCKS SEO <= 2.5.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-47679 MEDIUM
RS WP Book Showcase <= 6.7.59 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-47677 MEDIUM
gt3themes Photo Gallery <2.7.7.25 - XSS
CVSS 6.5
Details
Vulnerabilities 45,169
Exploit Likelihood High