Fallos del tipo CWE-79
26.052 resultadosCVE-2025-29513MEDIUMCross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in the admin API AccessEPSS 11.3%CVE-2024-43686MEDIUMReflected XSS in TimeProvider 4100 chart componentEPSS 11.2%CVE-2022-41702HIGHDelta Electronics DIAEnergieEPSS 11.1%CVE-2022-41651HIGHDelta Electronics DIAEnergieEPSS 11.1%CVE-2022-41555HIGHDelta Electronics DIAEnergieEPSS 11.1%CVE-2022-40965HIGHDelta Electronics DIAEnergieEPSS 11.1%CVE-2022-41701HIGHDelta Electronics DIAEnergieEPSS 11.1%CVE-2025-30292MEDIUMColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)EPSS 11.1%CVE-2021-24320—Bello < 1.6.0 - Unauthenticated Reflected XSS & XFSEPSS 10.8%CVE-2021-24300—PickPlugins Product Slider for WooCommerce < 1.13.22 - Reflected Cross-Site Scripting (XSS)EPSS 10.6%CVE-2025-2703MEDIUMThe built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability.
A user with Editor permissions is able to modify such a panel in orEPSS 10.6%CVE-2021-31558MEDIUMDelta Electronics DIAEnergie (Update A)EPSS 10.6%CVE-2021-24287—Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)EPSS 10.4%CVE-2021-24169—Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS)EPSS 10.3%CVE-2021-21802CRITICALThis vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially craftEPSS 9.9%CVE-2025-34174MEDIUMNetgate pfSense CE Status_Traffic_Totals Package v2.3.2_7 Stored Cross-Site ScriptingEPSS 9.8%CVE-2022-35698CRITICALAdobe Commerce Stored XSS Arbitrary code executionEPSS 9.7%CVE-2019-10241—In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote clEPSS 9.6%CVE-2021-29625HIGHXSS in doc_linkEPSS 9.6%CVE-2021-44544HIGHDelta Electronics DIAEnergie (Update A)EPSS 9.5%