CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,198 vulnerabilities with CWE-79
CVE-2025-22466 HIGH
Ivanti Endpoint Manager < 2024 SU1 and < 2022 SU7 - Unauthenticated Reflected Cross-Site Scripting
CVSS 8.2
CVE-2025-22465 MEDIUM
Ivanti Endpoint Manager < 2024 SU1 and < 2022 SU7 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-22855 LOW
FortiClientEMS 7.2.1-7.2.9 - Stored Cross-Site Scripting via Administrator Message
CVSS 2.7
CVE-2025-30166 MEDIUM
pimcore admin_classic_bundle < 1.7.6 - HTML Injection via Email Content Parameter
CVSS 4.8
CVE-2025-2808 MEDIUM
Motors Plugin <= 1.4.63 - Authenticated Stored XSS via Phone Number
CVSS 5.4
CVE-2025-3432 MEDIUM
AAWP Obfuscator <= 1.0 - Authenticated Stored Cross-Site Scripting via data-aawp-web Parameter
CVSS 6.4
CVE-2025-26653 MEDIUM
SAP NetWeaver Application Server ABAP - XSS
CVSS 4.7
CVE-2025-32413 MEDIUM
CIRCL Vulnerability-Lookup < 2.7.1 - Stored Cross-Site Scripting via User Bio
CVSS 6.4
CVE-2025-3397 MEDIUM
YzmCMS 7.1 - Cross-Site Scripting via gourl Argument in message.tpl
CVSS 4.3
CVE-2025-3393 LOW
mrcen springboot-ucan-admin - Cross-Site Scripting in Personal Settings Interface
CVSS 3.5
CVE-2025-3392 LOW
hailey888 oa_system <2025.01.01 - XSS
CVSS 3.5
CVE-2025-3391 LOW
hailey888 oa_system <2025.01.01 - XSS
CVSS 3.5
CVE-2025-3390 LOW
hailey888 oa_system <2025.01.01 - XSS
CVSS 3.5
CVE-2025-3389 LOW
hailey888 oa_system < 2025.01.01 - Cross-Site Scripting via InformManageController menu Argument
CVSS 3.5
CVE-2025-3388 MEDIUM
hailey888 oa_system <2025.01.01 - XSS
CVSS 4.3
CVE-2025-3387 LOW
renrenio renren-security <5.4.0 - XSS
CVSS 3.5
CVE-2025-3386 LOW
pb-cms 2.0 - Cross-Site Scripting in Friendship Link Handler
CVSS 2.4
CVE-2025-3385 LOW
pb-cms 2.0 - Stored Cross-Site Scripting via Classification Name Parameter
CVSS 2.4
CVE-2025-29594 MEDIUM
CS2-WeaponPaints-Website v2.1.7 - XSS
CVSS 6.1
CVE-2025-31476 MEDIUM
Amauri Tarteaucitronjs < 1.20.1 - XSS
CVSS 4.8
CVE-2025-3327 LOW
iteaj iboot 1.1.3 - Cross-Site Scripting via File Upload
CVSS 3.5
CVE-2025-3326 LOW
iteaj iboot 1.1.3 - Cross-Site Scripting via File Upload
CVSS 3.5
CVE-2025-32369 MEDIUM
Kentico Xperience < 13.0.181 - Authenticated Stored Cross-Site Scripting via Media Library File Upload
CVSS 6.4
CVE-2025-3297 LOW
SourceCodester Online Eyewear Shop 1.0 - XSS
CVSS 3.5
CVE-2025-0839 MEDIUM
ZoomSounds < 6.91 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
Details
Vulnerabilities 45,198
Exploit Likelihood High