CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2025-0458 MEDIUM
Virtual Computer Vysual RH Solution 2024.12.1 - XSS
CVSS 4.3
CVE-2025-23038 MEDIUM
WeGIA < 3.2.6 - Stored Cross-Site Scripting via remuneracao.php descricao Parameter
CVSS 5.4
CVE-2025-23037 MEDIUM
WeGIA < 3.2.6 - Stored Cross-Site Scripting via control.php cargo Parameter
CVSS 5.4
CVE-2025-23036 MEDIUM
WeGIA < 3.2.7 - Reflected Cross-Site Scripting via msg_e Parameter
CVSS 5.4
CVE-2025-23035 MEDIUM
WeGIA < 3.2.6 - Stored Cross-Site Scripting via tipo Parameter in adicionar_tipo_quadro_horario.php
CVSS 5.4
CVE-2025-23034 MEDIUM
WeGIA < 3.2.6 - Reflected Cross-Site Scripting via msg_e Parameter
CVSS 6.1
CVE-2025-23033 MEDIUM
WeGIA < 3.2.6 - Stored Cross-Site Scripting via adicionar_situacao.php situacao Parameter
CVSS 5.4
CVE-2025-23032 MEDIUM
WeGIA < 3.2.6 - Stored Cross-Site Scripting via escala Parameter in adicionar_escala.php
CVSS 5.4
CVE-2025-23031 MEDIUM
WeGIA < 3.2.6 - Stored Cross-Site Scripting via adicionar_alergia.php nome Parameter
CVSS 5.4
CVE-2025-23030 MEDIUM
WeGIA < 3.2.6 - Reflected Cross-Site Scripting via CPF Parameter
CVSS 6.1
CVE-2025-22619 MEDIUM
WeGIA < 3.2.6 - Reflected Cross-Site Scripting via msg_c Parameter
CVSS 6.1
CVE-2025-22618 MEDIUM
WeGIA < 3.2.6 - Stored Cross-Site Scripting via Cargo Parameter in adicionar_cargo.php
CVSS 5.4
CVE-2025-22617 MEDIUM
WeGIA < 3.2.7 - Reflected Cross-Site Scripting via socio Parameter
CVSS 6.1
CVE-2025-22616 MEDIUM
WeGIA < 3.2.6 - Stored Cross-Site Scripting via dependente_parentesco_adicionar.php descricao Parameter
CVSS 5.4
CVE-2025-22615 MEDIUM
WeGIA < 3.2.6 - Reflected Cross-Site Scripting via CPF Parameter in Cadastro_Atendido.php
CVSS 6.1
CVE-2025-22614 MEDIUM
WeGIA < 3.2.6 - Stored Cross-Site Scripting via dependente_editarInfoPessoal.php Parameters
CVSS 5.4
CVE-2025-22613 MEDIUM
WeGIA < 3.2.6 - Stored Cross-Site Scripting via informacao_adicional.php descricao Parameter
CVSS 5.4
CVE-2025-23026 MEDIUM
jte < 3.1.16 - Cross-Site Scripting via Unescaped JavaScript Template Strings
CVSS 6.1
CVE-2025-22142 MEDIUM
NamelessMC < 2.1.3 - Stored Cross-Site Scripting via Custom Profile Field
CVSS 5.4
CVE-2025-22588 HIGH
Scanventory <= 1.1.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22586 HIGH
WPEX Replace DB Urls <= 0.4.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22583 HIGH
Anshul Sojatia Scan External Links <1.0 - XSS
CVSS 7.1
CVE-2025-22576 HIGH
Site PIN <= 1.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22570 HIGH
Inline Tweets <= 2.0 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-22569 HIGH
Grandslambert Featured Page Widget <2.2 - XSS
CVSS 7.1
Details
Vulnerabilities 45,293
Exploit Likelihood High