CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,246 vulnerabilities with CWE-79
CVE-2025-26091
MEDIUM
TeamPasswordManager < 12.162.284 - Stored Cross-Site Scripting via Name Parameter
CVSS 4.6
CVE-2025-1935
MEDIUM
Firefox < 128.8.0 and < 136.0 - Cross-Site Scripting via Default URL Protocol Handler
CVSS 4.3
CVE-2025-0370
MEDIUM
WP Shortcodes Plugin - Shortcodes Ultimate <= 7.3.3 - Authenticated Stored Cross-Site Scripting via 'src' Parameter
CVSS 6.4
CVE-2025-0512
MEDIUM
Structured Content (JSON-LD) < 1.6.4 - Authenticated Stored XSS via sc_fs_local_business Shortcode
CVSS 6.4
CVE-2025-0433
MEDIUM
Master Addons - Elementor Addons <2.0.7.1 - XSS
CVSS 6.4
CVE-2025-1905
LOW
SourceCodester Employee Management System 1.0 - XSS
CVSS 3.5
CVE-2025-1904
LOW
code-projects Blood Bank System 1.0 - XSS
CVSS 3.5
CVE-2025-1892
LOW
shishuocms 1.1 - Stored Cross-Site Scripting via folderName Parameter
CVSS 2.4
CVE-2025-27500
HIGH
OpenZiti < 3.7.1 - Unauthenticated Stored Cross-Site Scripting via File Upload Endpoint
CVSS 8.2
CVE-2025-27499
MEDIUM
WeGIA < 3.2.10 - Stored Cross-Site Scripting via socio_nome Parameter
CVSS 6.1
CVE-2025-25939
MEDIUM
Reprise License Manager 14.2 - Reflected Cross-Site Scripting via akey Parameter
CVSS 6.1
CVE-2025-27420
MEDIUM
WeGIA < 3.2.16 - Stored Cross-Site Scripting via Descricao Parameter
CVSS 5.4
CVE-2025-27418
MEDIUM
WeGIA < 3.2.16 - Stored Cross-Site Scripting via adicionar_tipo_atendido.php tipo Parameter
CVSS 5.4
CVE-2025-27417
MEDIUM
WeGIA < 3.2.16 - Stored Cross-Site Scripting via adicionar_status_atendido.php Status Parameter
CVSS 6.1
CVE-2025-27099
MEDIUM
Tuleap < 16.3-10 and < 16.4.99.1740067916 - Cross-Site Scripting via Tracker Name in Semantic Timeframe Deletion Message
CVSS 4.8
CVE-2025-0555
HIGH
GitLab-EE <17.7.6, <17.8.4, <17.9.1 - XSS
CVSS 7.7
CVE-2025-27279
HIGH
Flashfader <= 1.1.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-27278
HIGH
AcuGIS Leaflet Maps <= 5.1.1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-27275
HIGH
andrew_fisher WOO Codice Fiscale <1.6.3 - XSS
CVSS 7.1
CVE-2025-27273
MEDIUM
winking Affiliate Links Manager <1.0 - XSS
CVSS 5.8
CVE-2025-27271
HIGH
NotFound DB Tables Import/Export <1.0.1 - XSS
CVSS 7.1
CVE-2025-27269
HIGH
.htaccess Login block <= 0.9a - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26994
HIGH
Zigaform - Price Calculator & Cost Estimation Form Builder Lite <= 7.4.2 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-26989
HIGH
Zigaform <= 7.4.2 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-26984
HIGH
Cozy Vision SMS Alert Order Notifications <= 3.7.8 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities
45,246
Exploit Likelihood
High