CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,962 vulnerabilities with CWE-79
CVE-2026-0724 MEDIUM
WPlyr Media Block <= 1.3.0 - Authenticated Stored Cross-Site Scripting via _wplyr_accent_color Parameter
CVSS 4.4
CVE-2026-1893 MEDIUM
Orbisius Random Name Generator <1.0.2 - XSS
CVSS 6.4
CVE-2026-1231 MEDIUM
Beaver Builder Page Builder - WordPress <2.10.0.5 - XSS
CVSS 6.4
CVE-2026-1571 MEDIUM
TP-Link Archer C60 v3 < 260206 - Reflected Cross-Site Scripting via Crafted URL
CVSS 6.1
CVE-2026-25956 MEDIUM
Frappe <14.99.14-15.94.0 - Open Redirect
CVSS 6.1
CVE-2026-24045 HIGH
docmost 0.20.0-0.24.9 - Stored Cross-Site Scripting via Public Share Page Title
CVSS 7.3
CVE-2026-21529 MEDIUM
Azure HDInsight < 5.1 - Cross-Site Scripting
CVSS 5.7
CVE-2026-1922 MEDIUM
The Events Calendar Shortcode & Block <3.1.2 - XSS
CVSS 6.4
CVE-2026-1866 HIGH
Name Directory <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding
CVSS 7.2
CVE-2026-2099 MEDIUM
AgentFlow < 4.0.0.1878.877 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2026-2098 MEDIUM
flowring agentflow < 4.0.0.1878.877 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2026-0996 MEDIUM
Fluent Forms < 6.1.14 - Authenticated Stored Cross-Site Scripting via AI Form Builder
CVSS 6.4
CVE-2026-24325 MEDIUM
SAP BusinessObjects Enterprise - XSS
CVSS 4.8
CVE-2026-0505 MEDIUM
SAP Document Management System - Unauthenticated Open Redirect via URL Parameter Manipulation
CVSS 6.1
CVE-2026-25496 MEDIUM
Craft CMS 4.0.0-4.16.17 and 5.0.0-RC1-5.8.21 - Stored Cross-Site Scripting in Number Field Prefix and Suffix Settings
CVSS 4.8
CVE-2026-25491 MEDIUM
Craft CMS 5.0.0-RC1-5.8.21 - Stored Cross-Site Scripting via Entry Type Names
CVSS 4.8
CVE-2026-25230 MEDIUM
FileRise < 3.3.0 - Authenticated HTML Injection via DOM Manipulation
CVSS 4.6
CVE-2026-1960 MEDIUM
Loggro Pymes < 1.0.124 - Stored Cross-Site Scripting via Facebook Parameter
CVE-2026-1959 MEDIUM
Loggro Pymes < 1.0.124 - Stored Cross-Site Scripting via Descripción Parameter
CVE-2026-25847 HIGH
JetBrains PyCharm < 2025.3.2 - DOM-based Cross-Site Scripting in Jupyter Viewer
CVSS 8.2
CVE-2026-2224 LOW
Online Reviewer System 1.0 - Cross-Site Scripting via Firstname Parameter
CVSS 3.5
CVE-2026-2222 LOW
Online Reviewer System 1.0 - Cross-Site Scripting via Firstname Parameter
CVSS 2.4
CVE-2026-2214 LOW
online_music_site - Cross-Site Scripting via txtalbum Parameter in AdminAddAlbum.php
CVSS 2.4
CVE-2026-2201 LOW
ZeroWdd studentmanager <2151560fc0a50ec00426785ec1e01a3763b380d9 - XSS
CVSS 2.4
CVE-2026-2200 LOW
heyewei JFinalCMS 5.0.0 - Cross-Site Scripting via /admin/admin/save Endpoint
CVSS 2.4
Details
Vulnerabilities 44,962
Exploit Likelihood High