CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,173 vulnerabilities with CWE-79
CVE-2025-40616 MEDIUM
Bookgy - Reflected Cross-Site Scripting via IDRESERVA Parameter
CVSS 6.1
CVE-2025-40615 MEDIUM
Bookgy - Reflected Cross-Site Scripting via TEXTO Parameter in /api/api_ajustes.php
CVSS 6.1
CVE-2025-1551 MEDIUM
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1 - Unauthenticated Cross-Site Scripting
CVSS 6.1
CVE-2025-3929 MEDIUM
MDaemon Email Server < 20.0.9 - Stored Cross-Site Scripting via HTML Email img Tag
CVSS 6.1
CVE-2025-2893 MEDIUM
Gutenverse < 2.2.1 - Authenticated Stored Cross-Site Scripting via Countdown Block
CVSS 6.4
CVE-2025-46343 MEDIUM
n8n < 1.90.0 - Authenticated Stored Cross-Site Scripting via Attachments View Endpoint
CVSS 5.0
CVE-2025-46338 MEDIUM
audiobookshelf < 2.21.0 - Reflected Cross-Site Scripting via API Upload Endpoint
CVSS 6.1
CVE-2025-25776 MEDIUM
Codeastro Bus Ticket Booking System 1.0 - Stored Cross-Site Scripting via User Registration and Profile Fields
CVSS 5.0
CVE-2025-4011 LOW
Redmine 6.0.0-6.0.3 - Cross-Site Scripting via Custom Query Name Parameter
CVSS 3.5
CVE-2025-0627 LOW
WordPress Tag, Category, and Taxonomy Manager <3.30.0 - XSS
CVSS 3.5
CVE-2025-4000 LOW
Seeyon OA Web Application System 8.1 SP2 - Cross-Site Scripting via ssoproxy.jsp Name Parameter
CVSS 3.5
CVE-2025-3999 LOW
Seeyon Zhiyuan OA Web App 8.1 SP2 - XSS
CVSS 3.5
CVE-2025-3996 LOW
TOTOLINK N150RT 3.4.0-B20190525 - XSS
CVSS 2.4
CVE-2025-3706 MEDIUM
104 Corporation eHRMS < V202412 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-3995 LOW
TOTOLINK N150RT 3.4.0-B20190525 - XSS
CVSS 2.4
CVE-2025-3994 LOW
TOTOLINK N150RT 3.4.0-B20190525 - XSS
CVSS 2.4
CVE-2025-46689 MEDIUM
Ververica Platform 2.14.0 - Reflected Cross-Site Scripting via Namespace Default Formats URI
CVSS 5.4
CVE-2025-46657 HIGH
Karaz Karazal < 2025-04-14 - Reflected Cross-Site Scripting via Lang Parameter
CVSS 7.2
CVE-2025-3970 LOW
jsite < 1.0 - Cross-Site Scripting via Remarks Argument
CVSS 3.5
CVE-2025-3965 LOW
itwanger paicoding 1.0.3 - Stored Cross-Site Scripting via /article/app/post Content Argument
CVSS 3.5
CVE-2025-3962 LOW
withstars Books-Management-System 1.0 - XSS
CVSS 3.5
CVE-2025-3961 LOW
withstars Books-Management-System 1.0 - XSS
CVSS 3.5
CVE-2025-3958 LOW
withstars Books-Management-System 1.0 - XSS
CVSS 3.5
CVE-2025-1458 MEDIUM
Element Pack Addons for Elementor < 5.10.30 - Authenticated Stored Cross-Site Scripting via Widget Input
CVSS 6.4
CVE-2025-32984 MEDIUM
NETSCOUT nGeniusONE < 6.4.0 - Stored Cross-Site Scripting via POST Parameter
CVSS 6.1
Details
Vulnerabilities 45,173
Exploit Likelihood High