CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,239 vulnerabilities with CWE-79
CVE-2025-29790 MEDIUM
Contao 4.0.0-4.13.53 and core-bundle 4.0.0-4.13.54 - Stored Cross-Site Scripting via SVG Upload
CVSS 5.4
CVE-2025-2491 LOW
Dromara ujcms 9.7.5 - Stored Cross-Site Scripting in Edit Template File Page
CVSS 2.4
CVE-2025-2490 LOW
Dromara ujcms 9.7.5 - Cross-Site Scripting via File Upload
CVSS 2.4
CVE-2025-2495 MEDIUM
Softdial Contact Center - Stored Cross-Site Scripting via XML File Upload
CVSS 5.4
CVE-2025-29429 MEDIUM
Online Class and Exam Scheduling System 1.0 - Cross-Site Scripting via id, code, and name Parameters
CVSS 6.1
CVE-2025-30143 MEDIUM
Akamai App & API Protector <2 - Code Injection
CVSS 5.4
CVE-2025-26127 MEDIUM
FileCloud 23.241.2 - Stored Cross-Site Scripting via Send for Approval Function
CVSS 5.0
CVE-2025-25612 HIGH
FS Inc S3150-8T2F <S3150-8T2F_2.2.0D_135103 - XSS
CVSS 7.1
CVE-2025-27102 MEDIUM
OBiBa Agate < 3.3.0 - Unauthenticated Stored Cross-Site Scripting via User Registration
CVE-2025-0833 HIGH
3DEXPERIENCE ENOVIA R2023x-R2024x - Stored Cross-Site Scripting in Route Management
CVSS 8.7
CVE-2025-0832 HIGH
3DEXPERIENCE ENOVIA R2022x-R2024x - Stored Cross-Site Scripting in Project Gantt
CVSS 8.7
CVE-2025-0830 HIGH
3DEXPERIENCE ENOVIA R2022x-R2024x - Stored Cross-Site Scripting in Meeting Management
CVSS 8.7
CVE-2025-0829 HIGH
3DEXPERIENCE ENOVIA R2022x-R2024x - Stored Cross-Site Scripting in 3D Markup
CVSS 8.7
CVE-2025-0828 HIGH
3DEXPERIENCE ENOVIA R2022x-R2024x - Stored Cross-Site Scripting in Engineering Release
CVSS 8.7
CVE-2025-0827 HIGH
3DSwymer 3DEXPERIENCE R2022x-R2024x - Stored Cross-Site Scripting in 3DPlay
CVSS 8.7
CVE-2025-0826 HIGH
3DEXPERIENCE ENOVIA R2022x-R2024x - Stored Cross-Site Scripting in 3D Navigate
CVSS 8.7
CVE-2025-0601 HIGH
ENOVIA Collaborative Industry Innovator <R2024x - XSS
CVSS 8.7
CVE-2025-0600 HIGH
ENOVIA Collaborative Industry Innovator <R2024x - XSS
CVSS 8.7
CVE-2025-0599 HIGH
ENOVIA Collaborative Industry Innovator <R2024x - XSS
CVSS 8.7
CVE-2025-0598 HIGH
ENOVIA Collaborative Industry Innovator <R2024x - XSS
CVSS 8.7
CVE-2025-0596 HIGH
ENOVIA Collaborative Industry Innovator <R2024x - XSS
CVSS 8.7
CVE-2025-0595 HIGH
3DSwymer 3DEXPERIENCE R2022x-R2024x - Stored Cross-Site Scripting in 3DDashboard
CVSS 8.7
CVE-2025-2377 LOW
SourceCodester Vehicle Management System 1.0 - Cross-Site Scripting via confirmbooking.php id Parameter
CVSS 3.5
CVE-2025-2375 LOW
PHPGurukul Human Metapneumovirus Testing Management System 1.0 - XSS via Admin Profile Email
CVSS 3.5
CVE-2025-2371 LOW
Human Metapneumovirus Testing Management System 1.0 - Cross-Site Scripting via regmobilenumber Parameter
CVSS 3.5
Details
Vulnerabilities 45,239
Exploit Likelihood High