CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,246 vulnerabilities with CWE-79
CVE-2025-2061 MEDIUM
Online Ticket Reservation System 1.0 - Cross-Site Scripting via Passenger Name Parameter
CVSS 4.3
CVE-2025-2049 LOW
code-projects Blood Bank System 1.0 - Cross-Site Scripting via Bloodname Parameter in AB+.php
CVSS 3.5
CVE-2025-2047 LOW
PHPGurukul Art Gallery Management System 1.0 - Cross-Site Scripting via Search Parameter
CVSS 3.5
CVE-2025-27506 MEDIUM
NocoDB < 0.258.0 - Reflected Cross-Site Scripting via Password Reset Endpoint
CVSS 5.4
CVE-2025-25191 MEDIUM
Group-Office - Stored Cross-Site Scripting in Name Field
CVSS 5.4
CVE-2025-2031 MEDIUM
ChestnutCMS <= 1.5.2 - Unrestricted File Upload via /dev-api/cms/file/upload
CVSS 6.3
CVE-2025-0877 MEDIUM
AtaksAPP Reservation Management System < 4.2.3 - Cross-Site Scripting
CVSS 4.7
CVE-2025-1672 MEDIUM
Notibar - Notification Bar for WordPress <= 2.1.5 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 5.5
CVE-2025-22623 MEDIUM
Ad Inserter - Ad Manager and AdSense Ads <2.8.0 - Info Disclosure
CVE-2025-20208 MEDIUM
Cisco TelePresence Management Suite - XSS
CVSS 4.6
CVE-2025-27412 MEDIUM
REDAXO 5.0.0-5.18.2 - Reflected Cross-Site Scripting via rex-api-result Parameter
CVSS 6.1
CVE-2025-1008 MEDIUM
Recently Purchased Products For Woo <= 1.1.3 - Authenticated Stored Cross-Site Scripting via View Parameter
CVSS 6.4
CVE-2025-27679 MEDIUM
Vasion Print < 20.0.1923 - Cross-Site Scripting in Badge Registration
CVSS 6.1
CVE-2025-27676 MEDIUM
Vasion Print < 20.0.1923 - Cross-Site Scripting in Reports
CVSS 6.1
CVE-2025-27660 MEDIUM
Vasion Print < 20.0.1923 and Virtual Appliance < 22.0.843 - Cross-Site Scripting
CVSS 5.4
CVE-2025-27654 MEDIUM
Vasion Print < 20.0.2014 and Virtual Appliance < 22.0.862 - Cross-Site Scripting
CVSS 6.1
CVE-2025-27653 MEDIUM
Vasion Print < 20.0.2014 & Virtual Appliance < 22.0.862 - Stored XSS via Badge Registration
CVSS 6.1
CVE-2025-27637 MEDIUM
Vasion Print < 20.0.2614 - Cross-Site Scripting
CVSS 6.1
CVE-2025-1967 LOW
Blood Bank Management System 1.0 - XSS
CVSS 3.5
CVE-2025-1957 LOW
code-projects Blood Bank System 1.0 - Cross-Site Scripting via Bloodname Parameter
CVSS 3.5
CVE-2025-1955 LOW
code-projects Online Class and Exam Scheduling System 1.0 - XSS
CVSS 3.5
CVE-2025-26202 MEDIUM
DZS Router Web Interface - Authenticated Stored Cross-Site Scripting in Wireless Security Passphrase Field
CVSS 4.3
CVE-2025-1949 MEDIUM
ZZCMS 2025 - Cross-Site Scripting via $_SERVER['PHP_SELF'] in register_nodb.php
CVSS 4.3
CVE-2025-27156 MEDIUM
Tuleap < 16.3-11 and < 16.4.99.1740567344 - Cross-Site Scripting in Mass Email Feature
CVSS 4.1
CVE-2025-27155 MEDIUM
Pinecone < 218b2801995b174085cb1c8fafe2d3aa661f85bd - Stored Cross-Site Scripting
CVSS 6.1
Details
Vulnerabilities 45,246
Exploit Likelihood High