CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,169 vulnerabilities with CWE-79
CVE-2025-4293
LOW
MRCMS 3.1.3 - Cross-Site Scripting in Group Edit Page
CVSS 2.4
CVE-2025-4292
LOW
MRCMS 3.1.3 - Cross-Site Scripting via Username Parameter in Edit User Page
CVSS 2.4
CVE-2025-46734
MEDIUM
league/commonmark 1.5.0-2.6.x - XSS
CVSS 6.4
CVE-2025-46719
MEDIUM
Open WebUI < 0.6.6 - Stored Cross-Site Scripting via Chat Message HTML Tag Injection
CVSS 5.4
CVE-2025-46571
MEDIUM
Open WebUI < 0.6.6 - Stored Cross-Site Scripting via HTML File Upload
CVSS 5.4
CVE-2025-46335
MEDIUM
Mobile Security Framework < 4.3.3 - Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2025-29573
MEDIUM
Mezzanine 6.0.0 - Stored Cross-Site Scripting in Forms Module View Entries Feature
CVSS 6.1
CVE-2025-45236
MEDIUM
DBSyncer 2.0.6 - Stored Cross-Site Scripting via Nickname Parameter
CVSS 5.4
CVE-2025-27921
MEDIUM
Output Messenger < 2.0.63 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-45751
MEDIUM
SourceCodester Web Based Pharmacy Product Management System 1.0 - Stored Cross-Site Scripting via Fullname Field
CVSS 6.1
CVE-2025-3583
MEDIUM
Newsletter < 8.7.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2025-39363
MEDIUM
Custom Login and Registration < 1.0.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-4257
LOW
SeaCMS 13.2 - Cross-Site Scripting via admin_pay.php cstatus Parameter
CVSS 3.5
CVE-2025-4256
LOW
SeaCMS 13.2 - Cross-Site Scripting via admin_paylog.php cstatus Parameter
CVSS 3.5
CVE-2025-3815
MEDIUM
SurveyJS plugin - WordPress <1.12.32 - XSS
CVSS 6.4
CVE-2025-4172
MEDIUM
VerticalResponse Newsletter Widget <1.6 - XSS
CVSS 6.4
CVE-2025-4170
MEDIUM
Xavin's Review Ratings <1.4.0 - XSS
CVSS 6.4
CVE-2025-3779
MEDIUM
Personizely WordPress <0.11 - XSS
CVSS 6.4
CVE-2025-21572
MEDIUM
OpenGrok 1.13.25 - Reflected Cross-Site Scripting via History View Path Segments
CVSS 6.1
CVE-2025-2488
MEDIUM
Profelis Informatics SambaBox <5.1 - XSS
CVSS 6.1
CVE-2025-1301
MEDIUM
Yordam Library Automation System < 21.6 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-47201
MEDIUM
Intrexx Portal Server < 12.0.4 - Cross-Site Scripting via Velocity Scripts
CVSS 4.4
CVE-2025-3514
LOW
SureForms < 1.4.4 - Authenticated Stored Cross-Site Scripting in Form Settings
CVSS 3.5
CVE-2025-3513
LOW
SureForms < 1.4.4 - Authenticated Stored Cross-Site Scripting in Form Settings
CVSS 3.5
CVE-2025-3488
MEDIUM
WPML 3.6.0-4.7.3 - Authenticated Stored Cross-Site Scripting via wpml_language_switcher Shortcode
CVSS 6.4
Details
Vulnerabilities
45,169
Exploit Likelihood
High