CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,169 vulnerabilities with CWE-79
CVE-2025-4293 LOW
MRCMS 3.1.3 - Cross-Site Scripting in Group Edit Page
CVSS 2.4
CVE-2025-4292 LOW
MRCMS 3.1.3 - Cross-Site Scripting via Username Parameter in Edit User Page
CVSS 2.4
CVE-2025-46734 MEDIUM
league/commonmark 1.5.0-2.6.x - XSS
CVSS 6.4
CVE-2025-46719 MEDIUM
Open WebUI < 0.6.6 - Stored Cross-Site Scripting via Chat Message HTML Tag Injection
CVSS 5.4
CVE-2025-46571 MEDIUM
Open WebUI < 0.6.6 - Stored Cross-Site Scripting via HTML File Upload
CVSS 5.4
CVE-2025-46335 MEDIUM
Mobile Security Framework < 4.3.3 - Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2025-29573 MEDIUM
Mezzanine 6.0.0 - Stored Cross-Site Scripting in Forms Module View Entries Feature
CVSS 6.1
CVE-2025-45236 MEDIUM
DBSyncer 2.0.6 - Stored Cross-Site Scripting via Nickname Parameter
CVSS 5.4
CVE-2025-27921 MEDIUM
Output Messenger < 2.0.63 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-45751 MEDIUM
SourceCodester Web Based Pharmacy Product Management System 1.0 - Stored Cross-Site Scripting via Fullname Field
CVSS 6.1
CVE-2025-3583 MEDIUM
Newsletter < 8.7.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2025-39363 MEDIUM
Custom Login and Registration < 1.0.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-4257 LOW
SeaCMS 13.2 - Cross-Site Scripting via admin_pay.php cstatus Parameter
CVSS 3.5
CVE-2025-4256 LOW
SeaCMS 13.2 - Cross-Site Scripting via admin_paylog.php cstatus Parameter
CVSS 3.5
CVE-2025-3815 MEDIUM
SurveyJS plugin - WordPress <1.12.32 - XSS
CVSS 6.4
CVE-2025-4172 MEDIUM
VerticalResponse Newsletter Widget <1.6 - XSS
CVSS 6.4
CVE-2025-4170 MEDIUM
Xavin's Review Ratings <1.4.0 - XSS
CVSS 6.4
CVE-2025-3779 MEDIUM
Personizely WordPress <0.11 - XSS
CVSS 6.4
CVE-2025-21572 MEDIUM
OpenGrok 1.13.25 - Reflected Cross-Site Scripting via History View Path Segments
CVSS 6.1
CVE-2025-2488 MEDIUM
Profelis Informatics SambaBox <5.1 - XSS
CVSS 6.1
CVE-2025-1301 MEDIUM
Yordam Library Automation System < 21.6 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-47201 MEDIUM
Intrexx Portal Server < 12.0.4 - Cross-Site Scripting via Velocity Scripts
CVSS 4.4
CVE-2025-3514 LOW
SureForms < 1.4.4 - Authenticated Stored Cross-Site Scripting in Form Settings
CVSS 3.5
CVE-2025-3513 LOW
SureForms < 1.4.4 - Authenticated Stored Cross-Site Scripting in Form Settings
CVSS 3.5
CVE-2025-3488 MEDIUM
WPML 3.6.0-4.7.3 - Authenticated Stored Cross-Site Scripting via wpml_language_switcher Shortcode
CVSS 6.4
Details
Vulnerabilities 45,169
Exploit Likelihood High