CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,966 vulnerabilities with CWE-79
CVE-2026-24671 MEDIUM
Open eClass Platform < 4.2 - Authenticated Stored Cross-Site Scripting in User Input Fields
CVSS 6.1
CVE-2026-24665 HIGH
Open eClass Platform < 4.2 - Authenticated Stored Cross-Site Scripting via Assignment File Upload
CVSS 8.7
CVE-2026-23794 MEDIUM
Apache Syncope <3.0.15/<4.0.3 - XSS
CVSS 6.8
CVE-2026-24988 MEDIUM
The Events Calendar Shortcode & Block <= 3.1.1 - XSS
CVSS 6.5
CVE-2026-24958 MEDIUM
Crocoblock JetElements For Elementor <= 2.7.12.2 - XSS
CVSS 6.5
CVE-2026-24952 MEDIUM
Seriously Simple Podcasting <3.14.1 - XSS
CVSS 6.5
CVE-2026-24938 MEDIUM
Better Search <= 4.2.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2026-1592 MEDIUM
Foxit PDF Editor Cloud <2026-02-03 - XSS
CVSS 6.3
CVE-2026-1591 MEDIUM
Foxit PDF Editor Cloud <2026-02-03 - XSS
CVSS 6.3
CVE-2026-1210 MEDIUM
Happy Addons for Elementor <3.20.7 - XSS
CVSS 6.4
CVE-2026-1058 HIGH
Form Maker by 10Web < 1.15.35 - Unauthenticated Stored Cross-Site Scripting via Hidden Field Values
CVSS 7.1
CVE-2026-0617 HIGH
LatePoint - Calendar Booking Plugin <5.2.5 - XSS
CVSS 7.2
CVE-2026-25144 MEDIUM
Talishar - Stored Cross-Site Scripting via PlayerID Parameter in SubmitChat.php
CVSS 5.3
CVE-2026-23997 HIGH
FacturaScripts < 2025.71 - Stored Cross-Site Scripting in Observations Field History View
CVSS 8.0
CVE-2026-23476 MEDIUM
FacturaScripts < 2025.8 - Reflected Cross-Site Scripting via Database Error Message
CVSS 5.4
CVE-2026-22881 MEDIUM
Cybozu Garoon 5.15.0-6.0.3 - Cross-Site Scripting in Message Function
CVSS 5.4
CVE-2026-20711 MEDIUM
Cybozu Garoon 5.0.0-6.0.3 - Cross-Site Scripting in E-mail Function
CVSS 6.1
CVE-2026-1744 LOW
D-Link DSL-6641K N8.TR069.20131126 - XSS
CVSS 2.4
CVE-2026-25156 HIGH
HotCRP 3.2 - Cross-Site Scripting via Inline Document Rendering
CVSS 7.3
CVE-2026-25154 MEDIUM
LocalSend <= 1.17.0 - Stored Cross-Site Scripting in File Sharing Web Interface
CVSS 6.1
CVE-2026-1705 LOW
D-Link DSL-6641K N8.TR069.20131126 - XSS
CVSS 2.4
CVE-2026-1700 LOW
projectworlds House Rental and Property Listing 1.0 - Cross-Site Scripting via SMS Message Parameter
CVSS 3.5
CVE-2026-24855 MEDIUM
ChurchCRM < 6.7.2 - Stored Cross-Site Scripting in Church Calendar Event Description
CVSS 5.4
CVE-2026-25117 HIGH
pwn.college DOJO <e33da14449a5abcff507e554f66e2141d6683b0a - XSS
CVE-2026-1598 LOW
Bdtask Bhojon All-In-One Restaurant Management System <20260116 - XSS
CVSS 3.5
Details
Vulnerabilities 44,966
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits