CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2025-0578 LOW
Facile Sistemas Cloud Apps <20250107 - XSS
CVSS 3.5
CVE-2025-0576 MEDIUM
Mobotix M15 4.3.4.83 - Cross-Site Scripting via p_qual Argument
CVSS 4.3
CVE-2025-0560 LOW
CampCodes School Management Software 1.0 - XSS
CVSS 2.4
CVE-2025-0559 LOW
Campcodes School Management Software 1.0 - XSS
CVSS 2.4
CVE-2025-0557 MEDIUM
Hyland Alfresco Community and Enterprise Edition < 6.2.2 - Cross-Site Scripting in URL Handler
CVSS 4.3
CVE-2025-0369 MEDIUM
JetEngine <= 3.6.2 - Authenticated Stored Cross-Site Scripting via list_tag Parameter
CVSS 6.4
CVE-2025-0554 MEDIUM
Podlove Podcast Publisher <=4.1.25 - XSS
CVSS 4.4
CVE-2025-23207 MEDIUM
KaTeX 0.12.0-0.16.20 - Cross-Site Scripting via \htmlData Command
CVSS 6.3
CVE-2025-23039 MEDIUM
Caido 0.45.0 - Cross-Site Scripting in URL Decoding Tooltip
CVSS 5.2
CVE-2025-0538 LOW
Tourism Management System 1.0 - XSS
CVSS 3.5
CVE-2025-0537 LOW
code-projects Car Rental Management System 1.0 - XSS
CVSS 2.4
CVE-2025-0530 LOW
Code-projects Job Recruitment 1.0 - XSS
CVSS 3.5
CVE-2025-23201 MEDIUM
librenms < 24.11.0 - Stored Cross-Site Scripting via Community Parameter in Add Host
CVSS 5.4
CVE-2025-23200 MEDIUM
librenms < 24.11.0 - Stored Cross-Site Scripting via ajax_form.php State Parameter
CVSS 4.6
CVE-2025-23199 MEDIUM
librenms < 24.11.0 - Stored Cross-Site Scripting via descr Parameter in ajax_form.php
CVSS 4.6
CVE-2025-23198 MEDIUM
librenms < 24.11.0 - Stored Cross-Site Scripting via Device Display Parameter
CVSS 4.6
CVE-2025-23965 MEDIUM
Kopatheme Kopa Nictitate Toolkit <1.0.2 - XSS
CVSS 6.5
CVE-2025-23951 MEDIUM
Gallery: Hybrid - Advanced Visual Gallery <= 1.4.0.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23950 MEDIUM
EZPlayer <= 1.0.10 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23947 MEDIUM
M.J WP-Player <= 2.6.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23946 MEDIUM
le Pixel Solitaire Enhanced YouTube Shortcode <2.0.1 - XSS
CVSS 6.5
CVE-2025-23943 MEDIUM
arul/aruvi PDF.js Shortcode <= 1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23941 MEDIUM
MeinTurnierplan.de Widget Viewer <1.1 - XSS
CVSS 6.5
CVE-2025-23940 MEDIUM
Saiem Khan Image Switcher <0.1.1 - XSS
CVSS 6.5
CVE-2025-23939 MEDIUM
Saiem Khan Image Switcher <1.1 - XSS
CVSS 6.5
Details
Vulnerabilities 45,293
Exploit Likelihood High