CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,287 vulnerabilities with CWE-79
CVE-2025-0513
MEDIUM
Octopus Server 2024.3.164-2024.3.12985 - Cross-Site Scripting in Error Page
CVSS 5.4
CVE-2025-1174
LOW
1000 Projects Bookstore Management System 1.0 - Cross-Site Scripting via Book Name Parameter
CVSS 2.4
CVE-2025-1171
LOW
Real Estate Property Management System 1.0 - Cross-Site Scripting via Address Parameter in CustomerReport.php
CVSS 3.5
CVE-2025-1145
MEDIUM
NetVision Information ISOinsight - XSS
CVSS 6.1
CVE-2025-1170
LOW
Real Estate Property Management System 1.0 - Cross-Site Scripting via Desc Parameter in Category.php
CVSS 3.5
CVE-2025-1169
LOW
SourceCodester Image Compressor Tool 1.0 - Cross-Site Scripting via Image Parameter
CVSS 3.5
CVE-2025-24867
MEDIUM
SAP BusinessObjects Platform (BI Launchpad) - Unauthenticated Cross-Site Scripting via Unprotected URL Parameter
CVSS 6.1
CVE-2025-0054
MEDIUM
SAP NetWeaver Application Server Java - XSS
CVSS 5.4
CVE-2025-25190
MEDIUM
ZOO-Project WPS Server <7a5ae1a - XSS
CVE-2025-25189
MEDIUM
ZOO-Project - Reflected Cross-Site Scripting via jobid Parameter
CVE-2025-1159
LOW
CampCodes School Management Software 1.0 - Cross-Site Scripting in /academic-calendar
CVSS 3.5
CVE-2025-1155
MEDIUM
Webkul QloApps 1.6.1 - Cross-Site Scripting in Your Location Search
CVSS 4.3
CVE-2025-24892
LOW
OpenProject < 15.2.1 - Stored Cross-Site Scripting in Group Management Section
CVSS 3.5
CVE-2025-1175
MEDIUM
Kelio Visio 3.2C-5.1K - Reflected Cross-Site Scripting via Username Parameter
CVSS 6.1
CVE-2025-25247
MEDIUM
Apache Felix Webconsole <4.9.8-5.0.8 - XSS
CVSS 6.1
CVE-2025-0169
MEDIUM
DWT Directory & Listing WordPress Theme <3.3.4 - XSS
CVSS 6.4
CVE-2025-25187
HIGH
Joplin < 3.1.24 - Stored Cross-Site Scripting via Note Title Rendering
CVSS 7.8
CVE-2025-24028
HIGH
Joplin < 3.2.12 - Stored Cross-Site Scripting via HTML Comment Handling
CVSS 7.8
CVE-2025-1114
LOW
newbee-mall 1.0 - Cross-Site Scripting via Category Name Parameter in Add Category Page
CVSS 3.5
CVE-2025-1105
MEDIUM
SiberianCMS 4.20.6 - Cross-Site Scripting in HTTP GET Request Handler
CVSS 4.3
CVE-2025-25159
HIGH
robert_kolatzek WP doodlez <1.0.10 - XSS
CVSS 7.1
CVE-2025-25144
HIGH
Theasys <= 1.0.1 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-25136
MEDIUM
shujahat21 Optimate Ads <1.0.3 - XSS
CVSS 6.5
CVE-2025-25117
MEDIUM
Alex Polonski Smart Countdown FX - XSS
CVSS 6.5
CVE-2025-25105
MEDIUM
Pop Up <= 0.1 - Stored Cross-Site Scripting
CVSS 5.9
Details
Vulnerabilities
45,287
Exploit Likelihood
High