CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,966 vulnerabilities with CWE-79
CVE-2026-1469 MEDIUM
RLE NOVA PlanManager - Stored Cross-Site Scripting via Comment and Brand Parameters
CVSS 5.4
CVE-2026-24769 CRITICAL
NocoDB < 0.301.0 - Authenticated Stored Cross-Site Scripting via SVG Attachment Upload
CVSS 9.0
CVE-2026-0749 MEDIUM
Drupal Form Builder 7.x-1.0-7.x-1.22 - Cross-Site Scripting
CVSS 6.1
CVE-2026-1520 LOW
rethinkdb <= 2.4.3 - Cross-Site Scripting in Secondary Index Handler
CVSS 2.4
CVE-2026-1399 MEDIUM
WP Google Ad Manager Plugin <1.1.0 - XSS
CVSS 4.4
CVE-2026-1391 MEDIUM
Vzaar Media Management <= 1.2 - Unauthenticated Reflected Cross-Site Scripting via PHP_SELF Variable
CVSS 5.3
CVE-2026-0483 MEDIUM
LiveHelperChat < 4.72 - Stored Cross-Site Scripting via PDF File Upload
CVE-2026-1381 MEDIUM
Order Minimum/Maximum Amount Limits for WooCommerce <= 4.6.8 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.4
CVE-2026-1053 MEDIUM
Ivory Search - WordPress Search Plugin <5.5.13 - XSS
CVSS 4.4
CVE-2026-1466 MEDIUM
jirafeau < 4.7.1 - Stored Cross-Site Scripting via MIME Type Bypass
CVSS 6.1
CVE-2026-1295 MEDIUM
Stripe plugin for WordPress <1.0.3 - XSS
CVSS 6.4
CVE-2026-1244 MEDIUM
Forms Bridge - Infinite integrations <4.2.5 - XSS
CVSS 6.4
CVE-2026-1083 MEDIUM
Appointment Hour Booking <= 1.5.60 - Authenticated Stored XSS via Form Field
CVSS 4.4
CVE-2026-1513 MEDIUM
billboard.js < 3.18.0 - Cross-Site Scripting via Chart Option Binding
CVSS 6.1
CVE-2026-24838 CRITICAL
Dnnsoftware Dotnetnuke < 9.13.10 - XSS
CVSS 9.1
CVE-2026-24837 HIGH
Dnnsoftware Dotnetnuke < 9.13.10 - XSS
CVSS 7.6
CVE-2026-24836 HIGH
Dnnsoftware Dotnetnuke < 9.13.10 - XSS
CVSS 7.6
CVE-2026-24833 HIGH
Dnnsoftware Dotnetnuke < 9.13.10 - XSS
CVSS 7.6
CVE-2026-24784 MEDIUM
Dnnsoftware Dotnetnuke < 9.13.10 - XSS
CVSS 6.8
CVE-2026-24778 HIGH
Ghost 5.43.0-5.120.4, 6.0.0-6.14.0 - Stored Cross-Site Scripting via Crafted Link
CVSS 8.8
CVE-2026-24771 MEDIUM
Hono < 4.11.7 - Cross-Site Scripting in ErrorBoundary Component
CVSS 4.7
CVE-2026-24348 MEDIUM
EZCast Pro II Firmware 1.17478.146 - Cross-Site Scripting in Admin UI
CVSS 6.1
CVE-2026-24824 MEDIUM
yacy_search_server < 1.92 - Cross-Site Scripting in YaCyDefaultServlet.java
CVE-2026-24490 HIGH
Mobile Security Framework < 4.4.5 - Stored Cross-Site Scripting via Android Manifest Host Attribute
CVSS 8.1
CVE-2026-24476 MEDIUM
Shaarli < 0.16.0 - Cross-Site Scripting via Malicious Tag Input
CVSS 5.4