CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,246 vulnerabilities with CWE-79
CVE-2025-2061
MEDIUM
Online Ticket Reservation System 1.0 - Cross-Site Scripting via Passenger Name Parameter
CVSS 4.3
CVE-2025-2049
LOW
code-projects Blood Bank System 1.0 - Cross-Site Scripting via Bloodname Parameter in AB+.php
CVSS 3.5
CVE-2025-2047
LOW
PHPGurukul Art Gallery Management System 1.0 - Cross-Site Scripting via Search Parameter
CVSS 3.5
CVE-2025-27506
MEDIUM
NocoDB < 0.258.0 - Reflected Cross-Site Scripting via Password Reset Endpoint
CVSS 5.4
CVE-2025-25191
MEDIUM
Group-Office - Stored Cross-Site Scripting in Name Field
CVSS 5.4
CVE-2025-2031
MEDIUM
ChestnutCMS <= 1.5.2 - Unrestricted File Upload via /dev-api/cms/file/upload
CVSS 6.3
CVE-2025-0877
MEDIUM
AtaksAPP Reservation Management System < 4.2.3 - Cross-Site Scripting
CVSS 4.7
CVE-2025-1672
MEDIUM
Notibar - Notification Bar for WordPress <= 2.1.5 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 5.5
CVE-2025-22623
MEDIUM
Ad Inserter - Ad Manager and AdSense Ads <2.8.0 - Info Disclosure
CVE-2025-20208
MEDIUM
Cisco TelePresence Management Suite - XSS
CVSS 4.6
CVE-2025-27412
MEDIUM
REDAXO 5.0.0-5.18.2 - Reflected Cross-Site Scripting via rex-api-result Parameter
CVSS 6.1
CVE-2025-1008
MEDIUM
Recently Purchased Products For Woo <= 1.1.3 - Authenticated Stored Cross-Site Scripting via View Parameter
CVSS 6.4
CVE-2025-27679
MEDIUM
Vasion Print < 20.0.1923 - Cross-Site Scripting in Badge Registration
CVSS 6.1
CVE-2025-27676
MEDIUM
Vasion Print < 20.0.1923 - Cross-Site Scripting in Reports
CVSS 6.1
CVE-2025-27660
MEDIUM
Vasion Print < 20.0.1923 and Virtual Appliance < 22.0.843 - Cross-Site Scripting
CVSS 5.4
CVE-2025-27654
MEDIUM
Vasion Print < 20.0.2014 and Virtual Appliance < 22.0.862 - Cross-Site Scripting
CVSS 6.1
CVE-2025-27653
MEDIUM
Vasion Print < 20.0.2014 & Virtual Appliance < 22.0.862 - Stored XSS via Badge Registration
CVSS 6.1
CVE-2025-27637
MEDIUM
Vasion Print < 20.0.2614 - Cross-Site Scripting
CVSS 6.1
CVE-2025-1967
LOW
Blood Bank Management System 1.0 - XSS
CVSS 3.5
CVE-2025-1957
LOW
code-projects Blood Bank System 1.0 - Cross-Site Scripting via Bloodname Parameter
CVSS 3.5
CVE-2025-1955
LOW
code-projects Online Class and Exam Scheduling System 1.0 - XSS
CVSS 3.5
CVE-2025-26202
MEDIUM
DZS Router Web Interface - Authenticated Stored Cross-Site Scripting in Wireless Security Passphrase Field
CVSS 4.3
CVE-2025-1949
MEDIUM
ZZCMS 2025 - Cross-Site Scripting via $_SERVER['PHP_SELF'] in register_nodb.php
CVSS 4.3
CVE-2025-27156
MEDIUM
Tuleap < 16.3-11 and < 16.4.99.1740567344 - Cross-Site Scripting in Mass Email Feature
CVSS 4.1
CVE-2025-27155
MEDIUM
Pinecone < 218b2801995b174085cb1c8fafe2d3aa661f85bd - Stored Cross-Site Scripting
CVSS 6.1
Details
Vulnerabilities
45,246
Exploit Likelihood
High