Weaknesses of type CWE-79
26,098 resultsCVE-2023-29442MEDIUMZoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.EPSS 9.4%CVE-2023-0594HIGHGrafana is an open-source platform for monitoring and observability.
Starting with the 7.0 branch, Grafana had a stored XSS vulnerability EPSS 9.2%CVE-2025-9816HIGHWP Statistics <= 14.5.4 - Unauthenticated Stored Cross-Site Scripting via User-Agent HeaderEPSS 9.1%CVE-2023-30256MEDIUMCross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back andEPSS 8.7%CVE-2025-41750HIGHReflected XSS vulnerability in pxc_PortCfg.phpEPSS 8.4%CVE-2025-41748HIGHReflected XSS vulnerability in pxc_Dot1xCfg.phpEPSS 8.4%CVE-2022-0734MEDIUMA cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FEPSS 8.4%CVE-2024-31204MEDIUMmailcow Cross-site Scripting Vulnerability via Exception HandlerEPSS 8.2%CVE-2025-41746HIGHReflected XSS vulnerability in pxc_portSecCfg.phpEPSS 8.2%CVE-2025-41752HIGHReflected XSS vulnerability in pxc_portSfp.phpEPSS 8.2%CVE-2025-41747HIGHReflected XSS vulnerability in pxc_vlanIntfCfg.phpEPSS 8.2%CVE-2025-41751HIGHReflected XSS vulnerability in pxc_portCntr.phpEPSS 8.2%CVE-2021-23282MEDIUMStored Cross-site Scripting reported in Intelligent Power Manager v1EPSS 8.2%CVE-2022-0422—White Label MS < 2.2.9 - Reflected Cross-Site ScriptingEPSS 8.1%CVE-2023-30212MEDIUMOURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.EPSS 8.1%CVE-2024-31839MEDIUMCross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandlerEPSS 8.1%CVE-2021-41183MEDIUMXSS in `*Text` options of the Datepicker widgetEPSS 7.9%CVE-2022-23808MEDIUMAn issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can alEPSS 7.9%CVE-2021-29484MEDIUMDOM XSS in Theme PreviewEPSS 7.9%CVE-2021-21803CRITICALThis vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially craftEPSS 7.9%