CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,287 vulnerabilities with CWE-79
CVE-2025-0746
MEDIUM
EmbedAI < 2.1 - Authenticated Reflected Cross-Site Scripting via /embedai/users/show Endpoint
CVSS 6.1
CVE-2025-0860
MEDIUM
VR-Frases < 3.0.1 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters
CVSS 6.1
CVE-2025-0844
MEDIUM
needyamin Library Card System 1.0 - Stored Cross-Site Scripting via Registration Page
CVSS 4.3
CVE-2025-0353
MEDIUM
Divi Torque Lite - WordPress <4.1.0 - XSS
CVSS 6.4
CVE-2025-0804
MEDIUM
ClickWhale <= 2.4.1 - Authenticated Stored XSS via Link Titles
CVSS 6.4
CVE-2025-0806
MEDIUM
code-projects Job Recruitment 1.0 - XSS
CVSS 4.3
CVE-2025-23362
MEDIUM
EXIF Viewer Classic 2.3.2 and 2.4.0 - Cross-Site Scripting via EXIF Metadata
CVSS 6.1
CVE-2025-0800
LOW
SourceCodester Online Courseware 1.0 - XSS
CVSS 2.4
CVE-2025-0795
LOW
ESAFENET CDG V5 - Cross-Site Scripting via todolistjump.jsp flowId Parameter
CVSS 3.5
CVE-2025-0794
LOW
ESAFENET CDG V5 - Cross-Site Scripting via curpage Parameter in todoDetail.jsp
CVSS 3.5
CVE-2025-0790
LOW
ESAFENET CDG V5 - Cross-Site Scripting via curpage Parameter in /doneDetail.jsp
CVSS 3.5
CVE-2025-22917
MEDIUM
Audemium ERP <= 0.9.0 - Reflected Cross-Site Scripting via 'type' Parameter
CVSS 5.4
CVE-2025-0787
LOW
ESAFENET CDG V5 - Cross-Site Scripting via curpage Parameter in /appDetail.jsp
CVSS 3.5
CVE-2025-0785
LOW
ESAFENET CDG V5 - Cross-Site Scripting via SysConfig.jsp Help Parameter
CVSS 3.5
CVE-2025-23057
MEDIUM
HPE Aruba Networking Fabric Composer 7.0.0-7.1.0 - Authenticated Stored Cross-Site Scripting
CVSS 5.5
CVE-2025-23056
MEDIUM
HPE Aruba Networking Fabric Composer 7.0.0-7.1.0 - Authenticated Stored Cross-Site Scripting
CVSS 5.5
CVE-2025-23055
MEDIUM
HPE Aruba Networking Fabric Composer 7.0.0-7.1.0 - Authenticated Stored Cross-Site Scripting
CVSS 5.5
CVE-2025-0321
MEDIUM
ElementsKit Pro <= 3.7.8 - Authenticated DOM-Based Stored Cross-Site Scripting via URL Parameter
CVSS 6.4
CVE-2025-24810
MEDIUM
Simple Image Sizes <= 3.2.3 - Authenticated Stored Cross-Site Scripting in Settings Screen
CVSS 4.8
CVE-2025-24158
MEDIUM
Safari < 18.3 - Denial of Service via Web Content Processing
CVSS 6.5
CVE-2025-24708
HIGH
WP Dynamics CRM Forms <=1.1.6 - Reflected XSS
CVSS 7.1
CVE-2025-24680
HIGH
WP Multi Store Locator <= 2.4.7 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24626
HIGH
CodePeople Music Store <1.1.19 - XSS
CVSS 7.1
CVE-2025-24593
HIGH
Edwiser Bridge <= 3.0.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23756
HIGH
LawPress - Law Firm Website Management <= 1.4.5 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities
45,287
Exploit Likelihood
High