CWE-79 vulnerabilities
26,052 results

| CVE | Severity | Description | EPSS | KEV |
|---|---|---|---|---|
| CVE-2021-22889 | — | Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly ot | 36.3% | |
| CVE-2024-43362 | HIGH | Stored Cross-site Scripting (XSS) when creating external links in Cacti | 35.5% | |
| CVE-2025-5301 | MEDIUM | Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer) | 34.9% | |
| CVE-2023-0563 | LOW | PHPGurukul Bank Locker Management System Assign Locker add-locker-form.php cross site scripting | 34.8% | |
| CVE-2024-43364 | MEDIUM | Stored Cross-site Scripting (XSS) when creating external links in Cacti | 34.4% | |
| CVE-2024-32479 | HIGH | LibreNMS's Improper Sanitization on Service template name leads to Stored XSS | 34.1% | |
| CVE-2013-5223 | MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitra | 33.6% | KEV |
| CVE-2020-35730 | MEDIUM | An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain | 32.8% | KEV |
| CVE-2024-4901 | HIGH | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | 32.8% | |
| CVE-2024-42008 | CRITICAL | A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote att | 32.3% | |
| CVE-2024-21725 | MEDIUM | [20240204] - Core - XSS in mail address outputs | 32.2% | |
| CVE-2023-24322 | MEDIUM | A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arb | 31.7% | |
| CVE-2025-23200 | MEDIUM | Stored XSS-LibreNMS-Misc Section in librenms | 30.9% | |
| CVE-2025-10573 | CRITICAL | Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript | 29.5% | |
| CVE-2023-30405 | MEDIUM | A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to execute arbitrary web sc | 29.3% | |
| CVE-2025-30349 | HIGH | Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted t | 29.2% | |
| CVE-2022-32209 | — | Possible XSS Vulnerability in Rails::Html::Sanitizer. There is a possible XSS vulnerability with certain configurations of Rails::Html::Sani | 29.1% | |
| CVE-2023-1861 | MEDIUM | Limit Login Attempts < 1.7.2 - Subscriber+ Stored XSS | 28.8% | |
| CVE-2023-0084 | HIGH | Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting | 28.6% | |
| CVE-2024-6886 | CRITICAL | Inproper Sanitation of field leading to stored XSS | 28.2% | |