CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,239 vulnerabilities with CWE-79
CVE-2025-2477
MEDIUM
CryoKey <= 2.4 - Unauthenticated Reflected Cross-Site Scripting via ckemail Parameter
CVSS 4.7
CVE-2025-2610
HIGH
MagnusBilling Alarm Module - Cross-Site Scripting
CVSS 7.6
CVE-2025-2609
HIGH
MagnusBilling Login Logs - Cross-Site Scripting
CVSS 8.2
CVE-2025-25035
HIGH
Jalios JPlatform < 10.0.8 - Reflected and Stored Cross-Site Scripting
CVSS 7.3
CVE-2025-30349
HIGH
Horde IMP < 6.2.27 - Cross-Site Scripting via Crafted Email onerror Attribute
CVSS 7.2
CVE-2025-2590
LOW
code-projects Human Resource Management System 1.0.1 - Cross-Site Scripting in UpdateRecruitmentById Function
CVSS 2.4
CVE-2025-2597
MEDIUM
ITIUM 6050 5.5.5.2-b3526 - Reflected Cross-Site Scripting via id_session Parameter
CVSS 6.1
CVE-2025-2583
LOW
SimpleMachines SMF 2.1.4 - Cross-Site Scripting in ManageNews.php
CVSS 3.5
CVE-2025-2582
LOW
SimpleMachines SMF 2.1.4 - Cross-Site Scripting in ManageAttachments.php
CVSS 3.5
CVE-2025-30345
LOW
OpenSlides < 4.2.5 - Cross-Site Scripting via Chat Group Name
CVSS 3.5
CVE-2025-30342
MEDIUM
OpenSlides < 4.2.5 - Stored Cross-Site Scripting via Link Attribute Injection
CVSS 5.4
CVE-2025-29412
MEDIUM
MartMbithi iBanking 2.0.0 - Stored Cross-Site Scripting via Client Profile Name Parameter
CVSS 4.8
CVE-2025-29410
MEDIUM
Hospital Management System 1.0 - Stored Cross-Site Scripting via txtEmail Parameter in contact.php
CVSS 6.1
CVE-2025-27888
MEDIUM
Apache Druid - Server-Side Request Forgery
CVSS 5.4
CVE-2025-1802
MEDIUM
HT Mega - Absolute Addons For Elementor <2.8.3 - XSS
CVSS 6.4
CVE-2025-0281
MEDIUM
lunary < 1.7.10 - Stored Cross-Site Scripting via SAML IdP XML Metadata
CVSS 5.4
CVE-2025-0192
MEDIUM
wandb/openui < latest - Stored Cross-Site Scripting in Edit HTML Functionality
CVSS 5.4
CVE-2025-0183
MEDIUM
binary-husky/gpt_academic 3.9.0 - XSS
CVSS 5.4
CVE-2025-2108
MEDIUM
140+ Widgets | Xpro Addons For Elementor - FREE - XSS
CVSS 6.4
CVE-2025-30092
MEDIUM
Intrexx Portal Server <12.0.2, <11.9.2 - XSS
CVSS 6.1
CVE-2025-27705
MEDIUM
Absolute Secure Access <13.53 - XSS
CVE-2025-2536
MEDIUM
Liferay Portal 7.4.3.82-7.4.3.128 & DXP 2023.Q3.1-2024.Q3.0 XSS via ToastData
CVSS 6.1
CVE-2025-27704
MEDIUM
Absolute Secure Access <13.53 - XSS
CVE-2025-30196
MEDIUM
Jenkins AnchorChain Plugin 1.0 - XSS
CVSS 6.5
CVE-2025-1232
HIGH
Site Reviews < 7.2.5 - Unauthenticated Stored Cross-Site Scripting in Review Fields
CVSS 8.8
Details
Vulnerabilities
45,239
Exploit Likelihood
High