CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,239 vulnerabilities with CWE-79
CVE-2025-2477 MEDIUM
CryoKey <= 2.4 - Unauthenticated Reflected Cross-Site Scripting via ckemail Parameter
CVSS 4.7
CVE-2025-2610 HIGH
MagnusBilling Alarm Module - Cross-Site Scripting
CVSS 7.6
CVE-2025-2609 HIGH
MagnusBilling Login Logs - Cross-Site Scripting
CVSS 8.2
CVE-2025-25035 HIGH
Jalios JPlatform < 10.0.8 - Reflected and Stored Cross-Site Scripting
CVSS 7.3
CVE-2025-30349 HIGH
Horde IMP < 6.2.27 - Cross-Site Scripting via Crafted Email onerror Attribute
CVSS 7.2
CVE-2025-2590 LOW
code-projects Human Resource Management System 1.0.1 - Cross-Site Scripting in UpdateRecruitmentById Function
CVSS 2.4
CVE-2025-2597 MEDIUM
ITIUM 6050 5.5.5.2-b3526 - Reflected Cross-Site Scripting via id_session Parameter
CVSS 6.1
CVE-2025-2583 LOW
SimpleMachines SMF 2.1.4 - Cross-Site Scripting in ManageNews.php
CVSS 3.5
CVE-2025-2582 LOW
SimpleMachines SMF 2.1.4 - Cross-Site Scripting in ManageAttachments.php
CVSS 3.5
CVE-2025-30345 LOW
OpenSlides < 4.2.5 - Cross-Site Scripting via Chat Group Name
CVSS 3.5
CVE-2025-30342 MEDIUM
OpenSlides < 4.2.5 - Stored Cross-Site Scripting via Link Attribute Injection
CVSS 5.4
CVE-2025-29412 MEDIUM
MartMbithi iBanking 2.0.0 - Stored Cross-Site Scripting via Client Profile Name Parameter
CVSS 4.8
CVE-2025-29410 MEDIUM
Hospital Management System 1.0 - Stored Cross-Site Scripting via txtEmail Parameter in contact.php
CVSS 6.1
CVE-2025-27888 MEDIUM
Apache Druid - Server-Side Request Forgery
CVSS 5.4
CVE-2025-1802 MEDIUM
HT Mega - Absolute Addons For Elementor <2.8.3 - XSS
CVSS 6.4
CVE-2025-0281 MEDIUM
lunary < 1.7.10 - Stored Cross-Site Scripting via SAML IdP XML Metadata
CVSS 5.4
CVE-2025-0192 MEDIUM
wandb/openui < latest - Stored Cross-Site Scripting in Edit HTML Functionality
CVSS 5.4
CVE-2025-0183 MEDIUM
binary-husky/gpt_academic 3.9.0 - XSS
CVSS 5.4
CVE-2025-2108 MEDIUM
140+ Widgets | Xpro Addons For Elementor - FREE - XSS
CVSS 6.4
CVE-2025-30092 MEDIUM
Intrexx Portal Server <12.0.2, <11.9.2 - XSS
CVSS 6.1
CVE-2025-27705 MEDIUM
Absolute Secure Access <13.53 - XSS
CVE-2025-2536 MEDIUM
Liferay Portal 7.4.3.82-7.4.3.128 & DXP 2023.Q3.1-2024.Q3.0 XSS via ToastData
CVSS 6.1
CVE-2025-27704 MEDIUM
Absolute Secure Access <13.53 - XSS
CVE-2025-30196 MEDIUM
Jenkins AnchorChain Plugin 1.0 - XSS
CVSS 6.5
CVE-2025-1232 HIGH
Site Reviews < 7.2.5 - Unauthenticated Stored Cross-Site Scripting in Review Fields
CVSS 8.8
Details
Vulnerabilities 45,239
Exploit Likelihood High