CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,287 vulnerabilities with CWE-79
CVE-2025-0746 MEDIUM
EmbedAI < 2.1 - Authenticated Reflected Cross-Site Scripting via /embedai/users/show Endpoint
CVSS 6.1
CVE-2025-0860 MEDIUM
VR-Frases < 3.0.1 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters
CVSS 6.1
CVE-2025-0844 MEDIUM
needyamin Library Card System 1.0 - Stored Cross-Site Scripting via Registration Page
CVSS 4.3
CVE-2025-0353 MEDIUM
Divi Torque Lite - WordPress <4.1.0 - XSS
CVSS 6.4
CVE-2025-0804 MEDIUM
ClickWhale <= 2.4.1 - Authenticated Stored XSS via Link Titles
CVSS 6.4
CVE-2025-0806 MEDIUM
code-projects Job Recruitment 1.0 - XSS
CVSS 4.3
CVE-2025-23362 MEDIUM
EXIF Viewer Classic 2.3.2 and 2.4.0 - Cross-Site Scripting via EXIF Metadata
CVSS 6.1
CVE-2025-0800 LOW
SourceCodester Online Courseware 1.0 - XSS
CVSS 2.4
CVE-2025-0795 LOW
ESAFENET CDG V5 - Cross-Site Scripting via todolistjump.jsp flowId Parameter
CVSS 3.5
CVE-2025-0794 LOW
ESAFENET CDG V5 - Cross-Site Scripting via curpage Parameter in todoDetail.jsp
CVSS 3.5
CVE-2025-0790 LOW
ESAFENET CDG V5 - Cross-Site Scripting via curpage Parameter in /doneDetail.jsp
CVSS 3.5
CVE-2025-22917 MEDIUM
Audemium ERP <= 0.9.0 - Reflected Cross-Site Scripting via 'type' Parameter
CVSS 5.4
CVE-2025-0787 LOW
ESAFENET CDG V5 - Cross-Site Scripting via curpage Parameter in /appDetail.jsp
CVSS 3.5
CVE-2025-0785 LOW
ESAFENET CDG V5 - Cross-Site Scripting via SysConfig.jsp Help Parameter
CVSS 3.5
CVE-2025-23057 MEDIUM
HPE Aruba Networking Fabric Composer 7.0.0-7.1.0 - Authenticated Stored Cross-Site Scripting
CVSS 5.5
CVE-2025-23056 MEDIUM
HPE Aruba Networking Fabric Composer 7.0.0-7.1.0 - Authenticated Stored Cross-Site Scripting
CVSS 5.5
CVE-2025-23055 MEDIUM
HPE Aruba Networking Fabric Composer 7.0.0-7.1.0 - Authenticated Stored Cross-Site Scripting
CVSS 5.5
CVE-2025-0321 MEDIUM
ElementsKit Pro <= 3.7.8 - Authenticated DOM-Based Stored Cross-Site Scripting via URL Parameter
CVSS 6.4
CVE-2025-24810 MEDIUM
Simple Image Sizes <= 3.2.3 - Authenticated Stored Cross-Site Scripting in Settings Screen
CVSS 4.8
CVE-2025-24158 MEDIUM
Safari < 18.3 - Denial of Service via Web Content Processing
CVSS 6.5
CVE-2025-24708 HIGH
WP Dynamics CRM Forms <=1.1.6 - Reflected XSS
CVSS 7.1
CVE-2025-24680 HIGH
WP Multi Store Locator <= 2.4.7 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24626 HIGH
CodePeople Music Store <1.1.19 - XSS
CVSS 7.1
CVE-2025-24593 HIGH
Edwiser Bridge <= 3.0.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23756 HIGH
LawPress - Law Firm Website Management <= 1.4.5 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities 45,287
Exploit Likelihood High