Weaknesses of type CWE-87
53 results

CVE-2025-48366 | MEDIUM | GroupOffice's Blind Stored XSS in Phone Number Field Enables Forced Redirect and Unauthorized Actions | EPSS 0.2%
CVE-2025-55291 | HIGH | Shaarli allows reflected XSS via searchtags parameter | EPSS 0.2%
CVE-2026-46492 | HIGH | md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed) | EPSS 0.2%
CVE-2026-34598 | HIGH | YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter" | EPSS 0.2%
CVE-2026-45314 | HIGH | Open WebUI: XSS via SVG in /api/v1/channels/webhooks/{webhook_id}/profile/image | EPSS 0.2%
CVE-2025-8561 | MEDIUM | Ova Advent <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | EPSS 0.2%
CVE-2026-55237 | HIGH | AutoGPT SignUp Page has DOM-Based XSS and Open Redirect | EPSS 0.2%
CVE-2026-35534 | HIGH | ChurchCRM has Stored XSS in PersonView.php via Facebook Field Attribute Injection | EPSS 0.2%
CVE-2025-52563 | MEDIUM | Chamilo: Reflected XSS via page parameter | EPSS 0.2%
CVE-2025-48076 | MEDIUM | Galette is vulnerable to Cross-site Scripting | EPSS 0.1%
CVE-2025-65961 | LOW | Contao is vulnerable to cross-site scripting in templates | EPSS 0.1%
CVE-2025-48494 | MEDIUM | Gokapi vulnerable to stored XSS via uploading file with malicious file name | EPSS 0.1%
CVE-2025-48495 | MEDIUM | Gokapi has stored XSS vulnerability in friendly name for API keys | EPSS 0.1%