CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,287 vulnerabilities with CWE-79
CVE-2025-0513 MEDIUM
Octopus Server 2024.3.164-2024.3.12985 - Cross-Site Scripting in Error Page
CVSS 5.4
CVE-2025-1174 LOW
1000 Projects Bookstore Management System 1.0 - Cross-Site Scripting via Book Name Parameter
CVSS 2.4
CVE-2025-1171 LOW
Real Estate Property Management System 1.0 - Cross-Site Scripting via Address Parameter in CustomerReport.php
CVSS 3.5
CVE-2025-1145 MEDIUM
NetVision Information ISOinsight - XSS
CVSS 6.1
CVE-2025-1170 LOW
Real Estate Property Management System 1.0 - Cross-Site Scripting via Desc Parameter in Category.php
CVSS 3.5
CVE-2025-1169 LOW
SourceCodester Image Compressor Tool 1.0 - Cross-Site Scripting via Image Parameter
CVSS 3.5
CVE-2025-24867 MEDIUM
SAP BusinessObjects Platform (BI Launchpad) - Unauthenticated Cross-Site Scripting via Unprotected URL Parameter
CVSS 6.1
CVE-2025-0054 MEDIUM
SAP NetWeaver Application Server Java - XSS
CVSS 5.4
CVE-2025-25190 MEDIUM
ZOO-Project WPS Server <7a5ae1a - XSS
CVE-2025-25189 MEDIUM
ZOO-Project - Reflected Cross-Site Scripting via jobid Parameter
CVE-2025-1159 LOW
CampCodes School Management Software 1.0 - Cross-Site Scripting in /academic-calendar
CVSS 3.5
CVE-2025-1155 MEDIUM
Webkul QloApps 1.6.1 - Cross-Site Scripting in Your Location Search
CVSS 4.3
CVE-2025-24892 LOW
OpenProject < 15.2.1 - Stored Cross-Site Scripting in Group Management Section
CVSS 3.5
CVE-2025-1175 MEDIUM
Kelio Visio 3.2C-5.1K - Reflected Cross-Site Scripting via Username Parameter
CVSS 6.1
CVE-2025-25247 MEDIUM
Apache Felix Webconsole <4.9.8-5.0.8 - XSS
CVSS 6.1
CVE-2025-0169 MEDIUM
DWT Directory & Listing WordPress Theme <3.3.4 - XSS
CVSS 6.4
CVE-2025-25187 HIGH
Joplin < 3.1.24 - Stored Cross-Site Scripting via Note Title Rendering
CVSS 7.8
CVE-2025-24028 HIGH
Joplin < 3.2.12 - Stored Cross-Site Scripting via HTML Comment Handling
CVSS 7.8
CVE-2025-1114 LOW
newbee-mall 1.0 - Cross-Site Scripting via Category Name Parameter in Add Category Page
CVSS 3.5
CVE-2025-1105 MEDIUM
SiberianCMS 4.20.6 - Cross-Site Scripting in HTTP GET Request Handler
CVSS 4.3
CVE-2025-25159 HIGH
robert_kolatzek WP doodlez <1.0.10 - XSS
CVSS 7.1
CVE-2025-25144 HIGH
Theasys <= 1.0.1 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-25136 MEDIUM
shujahat21 Optimate Ads <1.0.3 - XSS
CVSS 6.5
CVE-2025-25117 MEDIUM
Alex Polonski Smart Countdown FX - XSS
CVSS 6.5
CVE-2025-25105 MEDIUM
Pop Up <= 0.1 - Stored Cross-Site Scripting
CVSS 5.9
Details
Vulnerabilities 45,287
Exploit Likelihood High