CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,198 vulnerabilities with CWE-79
CVE-2025-22466
HIGH
Ivanti Endpoint Manager < 2024 SU1 and < 2022 SU7 - Unauthenticated Reflected Cross-Site Scripting
CVSS 8.2
CVE-2025-22465
MEDIUM
Ivanti Endpoint Manager < 2024 SU1 and < 2022 SU7 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-22855
LOW
FortiClientEMS 7.2.1-7.2.9 - Stored Cross-Site Scripting via Administrator Message
CVSS 2.7
CVE-2025-30166
MEDIUM
pimcore admin_classic_bundle < 1.7.6 - HTML Injection via Email Content Parameter
CVSS 4.8
CVE-2025-2808
MEDIUM
Motors Plugin <= 1.4.63 - Authenticated Stored XSS via Phone Number
CVSS 5.4
CVE-2025-3432
MEDIUM
AAWP Obfuscator <= 1.0 - Authenticated Stored Cross-Site Scripting via data-aawp-web Parameter
CVSS 6.4
CVE-2025-26653
MEDIUM
SAP NetWeaver Application Server ABAP - XSS
CVSS 4.7
CVE-2025-32413
MEDIUM
CIRCL Vulnerability-Lookup < 2.7.1 - Stored Cross-Site Scripting via User Bio
CVSS 6.4
CVE-2025-3397
MEDIUM
YzmCMS 7.1 - Cross-Site Scripting via gourl Argument in message.tpl
CVSS 4.3
CVE-2025-3393
LOW
mrcen springboot-ucan-admin - Cross-Site Scripting in Personal Settings Interface
CVSS 3.5
CVE-2025-3392
LOW
hailey888 oa_system <2025.01.01 - XSS
CVSS 3.5
CVE-2025-3391
LOW
hailey888 oa_system <2025.01.01 - XSS
CVSS 3.5
CVE-2025-3390
LOW
hailey888 oa_system <2025.01.01 - XSS
CVSS 3.5
CVE-2025-3389
LOW
hailey888 oa_system < 2025.01.01 - Cross-Site Scripting via InformManageController menu Argument
CVSS 3.5
CVE-2025-3388
MEDIUM
hailey888 oa_system <2025.01.01 - XSS
CVSS 4.3
CVE-2025-3387
LOW
renrenio renren-security <5.4.0 - XSS
CVSS 3.5
CVE-2025-3386
LOW
pb-cms 2.0 - Cross-Site Scripting in Friendship Link Handler
CVSS 2.4
CVE-2025-3385
LOW
pb-cms 2.0 - Stored Cross-Site Scripting via Classification Name Parameter
CVSS 2.4
CVE-2025-29594
MEDIUM
CS2-WeaponPaints-Website v2.1.7 - XSS
CVSS 6.1
CVE-2025-31476
MEDIUM
Amauri Tarteaucitronjs < 1.20.1 - XSS
CVSS 4.8
CVE-2025-3327
LOW
iteaj iboot 1.1.3 - Cross-Site Scripting via File Upload
CVSS 3.5
CVE-2025-3326
LOW
iteaj iboot 1.1.3 - Cross-Site Scripting via File Upload
CVSS 3.5
CVE-2025-32369
MEDIUM
Kentico Xperience < 13.0.181 - Authenticated Stored Cross-Site Scripting via Media Library File Upload
CVSS 6.4
CVE-2025-3297
LOW
SourceCodester Online Eyewear Shop 1.0 - XSS
CVSS 3.5
CVE-2025-0839
MEDIUM
ZoomSounds < 6.91 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
Details
Vulnerabilities
45,198
Exploit Likelihood
High