CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,293 vulnerabilities with CWE-79
CVE-2025-0578
LOW
Facile Sistemas Cloud Apps <20250107 - XSS
CVSS 3.5
CVE-2025-0576
MEDIUM
Mobotix M15 4.3.4.83 - Cross-Site Scripting via p_qual Argument
CVSS 4.3
CVE-2025-0560
LOW
CampCodes School Management Software 1.0 - XSS
CVSS 2.4
CVE-2025-0559
LOW
Campcodes School Management Software 1.0 - XSS
CVSS 2.4
CVE-2025-0557
MEDIUM
Hyland Alfresco Community and Enterprise Edition < 6.2.2 - Cross-Site Scripting in URL Handler
CVSS 4.3
CVE-2025-0369
MEDIUM
JetEngine <= 3.6.2 - Authenticated Stored Cross-Site Scripting via list_tag Parameter
CVSS 6.4
CVE-2025-0554
MEDIUM
Podlove Podcast Publisher <=4.1.25 - XSS
CVSS 4.4
CVE-2025-23207
MEDIUM
KaTeX 0.12.0-0.16.20 - Cross-Site Scripting via \htmlData Command
CVSS 6.3
CVE-2025-23039
MEDIUM
Caido 0.45.0 - Cross-Site Scripting in URL Decoding Tooltip
CVSS 5.2
CVE-2025-0538
LOW
Tourism Management System 1.0 - XSS
CVSS 3.5
CVE-2025-0537
LOW
code-projects Car Rental Management System 1.0 - XSS
CVSS 2.4
CVE-2025-0530
LOW
Code-projects Job Recruitment 1.0 - XSS
CVSS 3.5
CVE-2025-23201
MEDIUM
librenms < 24.11.0 - Stored Cross-Site Scripting via Community Parameter in Add Host
CVSS 5.4
CVE-2025-23200
MEDIUM
librenms < 24.11.0 - Stored Cross-Site Scripting via ajax_form.php State Parameter
CVSS 4.6
CVE-2025-23199
MEDIUM
librenms < 24.11.0 - Stored Cross-Site Scripting via descr Parameter in ajax_form.php
CVSS 4.6
CVE-2025-23198
MEDIUM
librenms < 24.11.0 - Stored Cross-Site Scripting via Device Display Parameter
CVSS 4.6
CVE-2025-23965
MEDIUM
Kopatheme Kopa Nictitate Toolkit <1.0.2 - XSS
CVSS 6.5
CVE-2025-23951
MEDIUM
Gallery: Hybrid - Advanced Visual Gallery <= 1.4.0.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23950
MEDIUM
EZPlayer <= 1.0.10 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23947
MEDIUM
M.J WP-Player <= 2.6.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23946
MEDIUM
le Pixel Solitaire Enhanced YouTube Shortcode <2.0.1 - XSS
CVSS 6.5
CVE-2025-23943
MEDIUM
arul/aruvi PDF.js Shortcode <= 1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23941
MEDIUM
MeinTurnierplan.de Widget Viewer <1.1 - XSS
CVSS 6.5
CVE-2025-23940
MEDIUM
Saiem Khan Image Switcher <0.1.1 - XSS
CVSS 6.5
CVE-2025-23939
MEDIUM
Saiem Khan Image Switcher <1.1 - XSS
CVSS 6.5
Details
Vulnerabilities
45,293
Exploit Likelihood
High