CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,246 vulnerabilities with CWE-79
CVE-2025-26091 MEDIUM
TeamPasswordManager < 12.162.284 - Stored Cross-Site Scripting via Name Parameter
CVSS 4.6
CVE-2025-1935 MEDIUM
Firefox < 128.8.0 and < 136.0 - Cross-Site Scripting via Default URL Protocol Handler
CVSS 4.3
CVE-2025-0370 MEDIUM
WP Shortcodes Plugin - Shortcodes Ultimate <= 7.3.3 - Authenticated Stored Cross-Site Scripting via 'src' Parameter
CVSS 6.4
CVE-2025-0512 MEDIUM
Structured Content (JSON-LD) < 1.6.4 - Authenticated Stored XSS via sc_fs_local_business Shortcode
CVSS 6.4
CVE-2025-0433 MEDIUM
Master Addons - Elementor Addons <2.0.7.1 - XSS
CVSS 6.4
CVE-2025-1905 LOW
SourceCodester Employee Management System 1.0 - XSS
CVSS 3.5
CVE-2025-1904 LOW
code-projects Blood Bank System 1.0 - XSS
CVSS 3.5
CVE-2025-1892 LOW
shishuocms 1.1 - Stored Cross-Site Scripting via folderName Parameter
CVSS 2.4
CVE-2025-27500 HIGH
OpenZiti < 3.7.1 - Unauthenticated Stored Cross-Site Scripting via File Upload Endpoint
CVSS 8.2
CVE-2025-27499 MEDIUM
WeGIA < 3.2.10 - Stored Cross-Site Scripting via socio_nome Parameter
CVSS 6.1
CVE-2025-25939 MEDIUM
Reprise License Manager 14.2 - Reflected Cross-Site Scripting via akey Parameter
CVSS 6.1
CVE-2025-27420 MEDIUM
WeGIA < 3.2.16 - Stored Cross-Site Scripting via Descricao Parameter
CVSS 5.4
CVE-2025-27418 MEDIUM
WeGIA < 3.2.16 - Stored Cross-Site Scripting via adicionar_tipo_atendido.php tipo Parameter
CVSS 5.4
CVE-2025-27417 MEDIUM
WeGIA < 3.2.16 - Stored Cross-Site Scripting via adicionar_status_atendido.php Status Parameter
CVSS 6.1
CVE-2025-27099 MEDIUM
Tuleap < 16.3-10 and < 16.4.99.1740067916 - Cross-Site Scripting via Tracker Name in Semantic Timeframe Deletion Message
CVSS 4.8
CVE-2025-0555 HIGH
GitLab-EE <17.7.6, <17.8.4, <17.9.1 - XSS
CVSS 7.7
CVE-2025-27279 HIGH
Flashfader <= 1.1.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-27278 HIGH
AcuGIS Leaflet Maps <= 5.1.1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-27275 HIGH
andrew_fisher WOO Codice Fiscale <1.6.3 - XSS
CVSS 7.1
CVE-2025-27273 MEDIUM
winking Affiliate Links Manager <1.0 - XSS
CVSS 5.8
CVE-2025-27271 HIGH
NotFound DB Tables Import/Export <1.0.1 - XSS
CVSS 7.1
CVE-2025-27269 HIGH
.htaccess Login block <= 0.9a - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26994 HIGH
Zigaform - Price Calculator & Cost Estimation Form Builder Lite <= 7.4.2 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-26989 HIGH
Zigaform <= 7.4.2 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-26984 HIGH
Cozy Vision SMS Alert Order Notifications <= 3.7.8 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities 45,246
Exploit Likelihood High