CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,278 vulnerabilities with CWE-79
CVE-2025-0511
HIGH
Welcart e-Commerce <= 2.11.9 - Unauthenticated Stored Cross-Site Scripting via Name Parameter
CVSS 7.2
CVE-2025-1230
MEDIUM
Prestashop 8.1.7 - Stored Cross-Site Scripting via Admin Index Link Parameter
CVSS 4.8
CVE-2025-1190
LOW
Job Recruitment 1.0 - Cross-Site Scripting in load_user-profile.php
CVSS 3.5
CVE-2025-0506
MEDIUM
Rise Blocks < 3.6 - Authenticated Stored Cross-Site Scripting via titleTag Parameter
CVSS 6.4
CVE-2025-25203
HIGH
Ctrlpanel-gg panel < 1.0 - Stored Cross-Site Scripting via Ticket Priority Field
CVSS 8.1
CVE-2025-24438
HIGH
Adobe Commerce <=2.4.8-beta1 - Stored XSS in Form Fields
CVSS 8.7
CVE-2025-24428
MEDIUM
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
CVSS 5.4
CVE-2025-24417
HIGH
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
CVSS 8.7
CVE-2025-24416
HIGH
Adobe Commerce <= 2.4.4-p11 - Stored Cross-Site Scripting in Form Fields
CVSS 8.7
CVE-2025-24415
HIGH
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
CVSS 8.7
CVE-2025-24414
HIGH
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
CVSS 8.7
CVE-2025-24413
HIGH
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
CVSS 8.7
CVE-2025-24412
HIGH
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
CVSS 8.7
CVE-2025-24410
HIGH
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
CVSS 8.7
CVE-2025-26493
MEDIUM
JetBrains TeamCity < 2024.12.2 - DOM-based Cross-Site Scripting on Code Inspection Report Tab
CVSS 4.6
CVE-2025-0862
MEDIUM
SuperSaaS - online appointment scheduling <= 2.1.12 - Authenticated Stored Cross-Site Scripting via 'after' Parameter
CVSS 4.9
CVE-2025-0513
MEDIUM
Octopus Server 2024.3.164-2024.3.12985 - Cross-Site Scripting in Error Page
CVSS 5.4
CVE-2025-1174
LOW
1000 Projects Bookstore Management System 1.0 - Cross-Site Scripting via Book Name Parameter
CVSS 2.4
CVE-2025-1171
LOW
Real Estate Property Management System 1.0 - Cross-Site Scripting via Address Parameter in CustomerReport.php
CVSS 3.5
CVE-2025-1145
MEDIUM
NetVision Information ISOinsight - XSS
CVSS 6.1
CVE-2025-1170
LOW
Real Estate Property Management System 1.0 - Cross-Site Scripting via Desc Parameter in Category.php
CVSS 3.5
CVE-2025-1169
LOW
SourceCodester Image Compressor Tool 1.0 - Cross-Site Scripting via Image Parameter
CVSS 3.5
CVE-2025-24867
MEDIUM
SAP BusinessObjects Platform (BI Launchpad) - Unauthenticated Cross-Site Scripting via Unprotected URL Parameter
CVSS 6.1
CVE-2025-0054
MEDIUM
SAP NetWeaver Application Server Java - XSS
CVSS 5.4
CVE-2025-25190
MEDIUM
ZOO-Project WPS Server <7a5ae1a - XSS
Details
Vulnerabilities
45,278
Exploit Likelihood
High