CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,278 vulnerabilities with CWE-79
CVE-2025-1612 LOW
Edimax BR-6288ACL 1.30 - Cross-Site Scripting via SSID Parameter in wireless5g_basic.asp
CVSS 3.5
CVE-2025-22635 HIGH
imithemes Eventer < 3.9.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22632 HIGH
totalsoft WooCommerce Pricing - Product Pricing <1.0.9 - XSS
CVSS 7.1
CVE-2025-22631 HIGH
vbout Marketing Automation <1.2.6.8 - XSS
CVSS 7.1
CVE-2025-1597 LOW
Best Church Management Software 1.0 - Cross-Site Scripting via Redirect Parameter
CVSS 3.5
CVE-2025-1592 LOW
Best Employee Management System 1.0 - Cross-Site Scripting via Role Assignment Parameters
CVSS 2.4
CVE-2025-1591 LOW
SourceCodester Employee Management System 1.0 - Cross-Site Scripting via Department Name Parameter
CVSS 2.4
CVE-2025-1589 MEDIUM
SourceCodester E-Learning System 1.0 - Cross-Site Scripting in User Registration Handler
CVSS 4.3
CVE-2025-1467 MEDIUM
tarteaucitronjs < 1.17.0 - Cross-Site Scripting via getElemWidth() and getElemHeight()
CVSS 6.1
CVE-2025-1586 LOW
code-projects Blood Bank System 1.0 - Cross-Site Scripting via Bloodname Parameter
CVSS 3.5
CVE-2025-1585 LOW
tale_project tale < 2.0.5 - Cross-Site Scripting via logo_url Parameter in Header Template
CVSS 2.4
CVE-2025-1579 LOW
code-projects Blood Bank System 1.0 - Cross-Site Scripting via Email Parameter
CVSS 2.4
CVE-2025-1577 LOW
code-projects Blood Bank System 1.0 - Cross-Site Scripting via /prostatus.php Message Parameter
CVSS 3.5
CVE-2025-26973 MEDIUM
WarfarePlugins Social Warfare <4.5.4 - XSS
CVSS 6.5
CVE-2025-26774 HIGH
Rock Solid Responsive Modal Builder <1.5.0 - XSS
CVSS 7.1
CVE-2025-26756 HIGH
Magic the Gathering Card Tooltips <3.5.0 - XSS
CVSS 7.1
CVE-2025-0957 HIGH
SMTP for Amazon SES - YaySMTP <= 1.7.1 - Unauthenticated Stored Cross-Site Scripting
CVSS 7.2
CVE-2025-0953 HIGH
SMTP for Sendinblue - YaySMTP <= 1.2 - Unauthenticated Stored Cross-Site Scripting
CVSS 7.2
CVE-2025-0918 HIGH
SMTP for SendGrid - YaySMTP <= 1.4 - Unauthenticated Stored Cross-Site Scripting
CVSS 7.2
CVE-2025-1553 LOW
pankajindevops scale - Cross-Site Scripting
CVSS 3.5
CVE-2025-27109 HIGH
solid-js < 1.9.4 - Cross-Site Scripting via Inlined JSX Fragment
CVSS 7.3
CVE-2025-27108 HIGH
dom-expressions < 0.39.5 - Cross-Site Scripting via Special Replacement Patterns in .replace()
CVSS 7.3
CVE-2025-1548 LOW
Dreamer CMS 4.1.3 - Cross-Site Scripting via Editor Value Parameter
CVSS 3.5
CVE-2025-1489 MEDIUM
WP-Appbox <= 4.5.4 - Authenticated Stored Cross-Site Scripting via Appbox Shortcode
CVSS 6.4
CVE-2025-1410 MEDIUM
Pie Calendar - Events Calendar Made Simple <= 1.2.5 - Authenticated Stored Cross-Site Scripting via piecal Shortcode
CVSS 6.4
Details
Vulnerabilities 45,278
Exploit Likelihood High