CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,278 vulnerabilities with CWE-79
CVE-2025-0511 HIGH
Welcart e-Commerce <= 2.11.9 - Unauthenticated Stored Cross-Site Scripting via Name Parameter
CVSS 7.2
CVE-2025-1230 MEDIUM
Prestashop 8.1.7 - Stored Cross-Site Scripting via Admin Index Link Parameter
CVSS 4.8
CVE-2025-1190 LOW
Job Recruitment 1.0 - Cross-Site Scripting in load_user-profile.php
CVSS 3.5
CVE-2025-0506 MEDIUM
Rise Blocks < 3.6 - Authenticated Stored Cross-Site Scripting via titleTag Parameter
CVSS 6.4
CVE-2025-25203 HIGH
Ctrlpanel-gg panel < 1.0 - Stored Cross-Site Scripting via Ticket Priority Field
CVSS 8.1
CVE-2025-24438 HIGH
Adobe Commerce <=2.4.8-beta1 - Stored XSS in Form Fields
CVSS 8.7
CVE-2025-24428 MEDIUM
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-24417 HIGH
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
CVSS 8.7
CVE-2025-24416 HIGH
Adobe Commerce <= 2.4.4-p11 - Stored Cross-Site Scripting in Form Fields
CVSS 8.7
CVE-2025-24415 HIGH
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
CVSS 8.7
CVE-2025-24414 HIGH
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
CVSS 8.7
CVE-2025-24413 HIGH
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
CVSS 8.7
CVE-2025-24412 HIGH
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
CVSS 8.7
CVE-2025-24410 HIGH
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
CVSS 8.7
CVE-2025-26493 MEDIUM
JetBrains TeamCity < 2024.12.2 - DOM-based Cross-Site Scripting on Code Inspection Report Tab
CVSS 4.6
CVE-2025-0862 MEDIUM
SuperSaaS - online appointment scheduling <= 2.1.12 - Authenticated Stored Cross-Site Scripting via 'after' Parameter
CVSS 4.9
CVE-2025-0513 MEDIUM
Octopus Server 2024.3.164-2024.3.12985 - Cross-Site Scripting in Error Page
CVSS 5.4
CVE-2025-1174 LOW
1000 Projects Bookstore Management System 1.0 - Cross-Site Scripting via Book Name Parameter
CVSS 2.4
CVE-2025-1171 LOW
Real Estate Property Management System 1.0 - Cross-Site Scripting via Address Parameter in CustomerReport.php
CVSS 3.5
CVE-2025-1145 MEDIUM
NetVision Information ISOinsight - XSS
CVSS 6.1
CVE-2025-1170 LOW
Real Estate Property Management System 1.0 - Cross-Site Scripting via Desc Parameter in Category.php
CVSS 3.5
CVE-2025-1169 LOW
SourceCodester Image Compressor Tool 1.0 - Cross-Site Scripting via Image Parameter
CVSS 3.5
CVE-2025-24867 MEDIUM
SAP BusinessObjects Platform (BI Launchpad) - Unauthenticated Cross-Site Scripting via Unprotected URL Parameter
CVSS 6.1
CVE-2025-0054 MEDIUM
SAP NetWeaver Application Server Java - XSS
CVSS 5.4
CVE-2025-25190 MEDIUM
ZOO-Project WPS Server <7a5ae1a - XSS
Details
Vulnerabilities 45,278
Exploit Likelihood High