CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,190 vulnerabilities with CWE-79
CVE-2025-3824 LOW
Web-based Pharmacy Product Management System 1.0 - Stored Cross-Site Scripting via txtprice/txtproduct_name Parameters
CVSS 2.4
CVE-2025-3823 LOW
Web-based Pharmacy Product Management System 1.0 - Cross-Site Scripting via add-stock.php Parameters
CVSS 2.4
CVE-2025-3822 LOW
SourceCodester Web-based Pharmacy Product Management System 1.0 - XSS via changepassword.php
CVSS 2.4
CVE-2025-3821 LOW
Web-based Pharmacy Product Management System 1.0 - Stored Cross-Site Scripting via add-admin.php Input Fields
CVSS 2.4
CVE-2025-3806 LOW
dazhouda lecms <= 3.0.3 - Cross-Site Scripting in Edit Profile Handler
CVSS 2.4
CVE-2025-3801 LOW
songquanpeng one-api <= 0.6.10 - Cross-Site Scripting via Homepage Content/About System/Footer
CVSS 2.4
CVE-2025-3661 MEDIUM
SB Chart block <= 1.2.6 - Authenticated Stored Cross-Site Scripting via className Parameter
CVSS 6.4
CVE-2025-3809 HIGH
WordPress Debug Log Manager <2.3.4 - XSS
CVSS 7.2
CVE-2025-3275 MEDIUM
Themesflat Addons For Elementor <2.2.5 - XSS
CVSS 6.4
CVE-2025-1457 MEDIUM
Element Pack Addons for Elementor < 5.10.28 - Authenticated Stored XSS via Widgets
CVSS 6.4
CVE-2025-3795 LOW
DaiCuo 1.3.13 - Cross-Site Scripting in SEO Optimization Settings Section
CVSS 2.4
CVE-2025-29513 MEDIUM
NodeBB < 4.0.4 - Stored Cross-Site Scripting in Admin API Access Token Generator
CVSS 6.1
CVE-2025-29512 MEDIUM
NodeBB < 4.0.4 - Stored Cross-Site Scripting via Blacklist IP Functionality
CVSS 6.1
CVE-2025-3789 LOW
JSite 1.0 - Cross-Site Scripting via Name Parameter in /a/sys/area/save
CVSS 3.5
CVE-2025-3788 LOW
JSite 1.0 - Cross-Site Scripting via Name Parameter in /a/sys/user/save
CVSS 3.5
CVE-2025-3106 MEDIUM
LA-Studio Element Kit for Elementor < 1.4.9 - Authenticated Stored Cross-Site Scripting via Table of Contents Widget
CVSS 6.4
CVE-2025-3056 MEDIUM
WordPress Download Manager <3.3.12 - XSS
CVSS 5.4
CVE-2025-3598 MEDIUM
Coupon Affiliates Affiliate Plugin - WooCommerce < .6.3.0 - XSS
CVSS 6.1
CVE-2025-2162 MEDIUM
MapPress Maps for WordPress <2.94.10 - XSS
CVSS 4.8
CVE-2025-39469 HIGH
Pantherius Modal Survey <2.0.2.0.1 - XSS
CVSS 7.1
CVE-2025-2613 MEDIUM
Login Manager <= 2.0.5 - Authenticated Stored XSS via Custom Logo/Background URLs
CVSS 4.4
CVE-2025-25427 MEDIUM
TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 - Stored Cross-Site Scripting via UPnP Port Mapping Description
CVSS 5.4
CVE-2025-3246 HIGH
GitHub Enterprise Server <3.16.1 - XSS
CVSS 7.6
CVE-2025-39594 HIGH
Bob Arigato Autoresponder & Newsletter <2.7.2.4 - XSS
CVSS 7.1
CVE-2025-39567 HIGH
Shamalli Web Directory Free <1.7.8 - XSS
CVSS 7.1
Details
Vulnerabilities 45,190
Exploit Likelihood High