CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2025-22568 HIGH
Paramveer Singh - Arete IT Private Limited - XSS
CVSS 7.1
CVE-2025-22567 HIGH
TRUSTist REVIEWer <= 2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22514 HIGH
Yamna Tatheer KNR Author List Widget <3.1.1 - XSS
CVSS 7.1
CVE-2025-22506 HIGH
Smart Agenda <= 4.7 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-22499 HIGH
FAKTOR VIER F4 Post Tree <1.1.18 - XSS
CVSS 7.1
CVE-2025-22498 HIGH
LucidLMS <= 1.0.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22344 HIGH
Convoy Media Category Library <2.7 - XSS
CVSS 7.1
CVE-2025-22337 HIGH
Order Audit Log for WooCommerce <2.0 - XSS
CVSS 7.1
CVE-2025-22314 HIGH
WP Scripts Food Store - Online Food Delivery & Pickup <1.5.1 - XSS
CVSS 7.1
CVE-2025-0400 LOW
starsea-mall 1.0 - Cross-Site Scripting via /admin/categories/update categoryName Parameter
CVSS 2.4
CVE-2025-0398 LOW
longpi1 warehouse 1.0 - Cross-Site Scripting via Remark Parameter
CVSS 2.4
CVE-2025-0397 LOW
reckcn SPPanAdmin 1.0 - Cross-Site Scripting via /admin/role/edit Name Parameter
CVSS 3.5
CVE-2025-23108 MEDIUM
Firefox for iOS < 134 - URL Spoofing via JavaScript Link Long-Press
CVSS 4.3
CVE-2025-0104 MEDIUM
Palo Alto Networks Expedition - XSS
CVSS 6.1
CVE-2025-23112 MEDIUM
REDCap 14.9.6 - Authenticated Stored Cross-Site Scripting in Survey Field Name
CVSS 6.1
CVE-2025-23111 MEDIUM
REDCap 14.9.6 - HTML Injection via Survey Field Name
CVSS 4.7
CVE-2025-23110 MEDIUM
REDCap 14.9.6 - Reflected Cross-Site Scripting via CSV Alert Configuration Email Subject
CVSS 6.1
CVE-2025-23079 MEDIUM
Mediawiki - ArticleFeedbackv5 <1.42.2 - XSS
CVSS 6.1
CVE-2025-23078 MEDIUM
Wikimedia Foundation Mediawiki - Breadcrumbs2 <1.39.11-1.42.4 - XSS
CVSS 6.5
CVE-2025-22600 MEDIUM
WeGIA < 3.2.8 - Reflected Cross-Site Scripting via configuracao_doacao.php avulso Parameter
CVSS 6.5
CVE-2025-22599 MEDIUM
WeGIA < 3.2.8 - Reflected Cross-Site Scripting via home.php msg_c Parameter
CVSS 6.5
CVE-2025-22598 HIGH
WeGIA < 3.2.8 - Stored Cross-Site Scripting via cadastrarSocio.php local_recepcao Parameter
CVSS 8.3
CVE-2025-22597 HIGH
WeGIA < 3.2.8 - Stored Cross-Site Scripting via CobrancaController.php local_recepcao Parameter
CVSS 8.3
CVE-2025-22596 MEDIUM
WeGIA < 3.2.8 - Reflected Cross-Site Scripting via modulos_visiveis.php msg_c Parameter
CVSS 6.5
CVE-2025-0311 MEDIUM
Orbit Fox by ThemeIsle <2.10.43 - XSS
CVSS 6.4
Details
Vulnerabilities 45,293
Exploit Likelihood High