Weaknesses of type CWE-79
25,980 resultsCVE-2020-11022MEDIUMjQuery has a potential XSS vulnerabilityEPSS 99.0%CVE-2019-3929CRITICALThe Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1EPSS 99.0%KEVCVE-2023-28341MEDIUMStored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inEPSS 98.8%CVE-2023-2948HIGHCross-site Scripting (XSS) - Generic in openemr/openemrEPSS 96.7%CVE-2023-2442HIGHAn issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 befoEPSS 96.1%CVE-2022-2733CRITICALCross-site Scripting (XSS) - Reflected in openemr/openemrEPSS 95.8%CVE-2025-4123HIGHA cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attaEPSS 94.7%CVE-2022-3562MEDIUMCross-site Scripting (XSS) - Stored in librenms/librenmsEPSS 94.2%CVE-2022-4067LOWCross-site Scripting (XSS) - Stored in librenms/librenmsEPSS 93.7%CVE-2022-4069LOWCross-site Scripting (XSS) - Generic in librenms/librenmsEPSS 93.3%CVE-2023-0992HIGHShield Security <= 17.0.17 - Unauthenticated Stored Cross-Site ScriptingEPSS 93.0%CVE-2021-25921MEDIUMIn OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly iEPSS 91.1%CVE-2023-2947MEDIUMCross-site Scripting (XSS) - Stored in openemr/openemrEPSS 90.8%CVE-2022-1707MEDIUMGoogle Tag Manager for WordPress <= 1.15 - Reflected Cross-Site Scripting via Site SearchEPSS 88.6%CVE-2020-5398HIGHRFD Attack via "Content-Disposition" Header Sourced from Request Input by Spring MVC or Spring WebFlux ApplicationEPSS 88.1%CVE-2021-27907—Apache Superset stored XSS on Dashboard markdownEPSS 86.4%CVE-2022-3265HIGHA cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prioEPSS 86.3%CVE-2020-3580MEDIUMCisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting VulnerabilitiesEPSS 85.4%KEVCVE-2021-25080—Contact Form Entries < 1.1.7 - Unauthenticated Stored Cross-Site ScriptingEPSS 84.8%CVE-2023-44352MEDIUMUnauthenticate Reflected XSS on Adobe Coldfusion 2018 - 2021 - 2023 last versionEPSS 84.8%