CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,966 vulnerabilities with CWE-79
CVE-2026-1444 LOW
iJason-Liu Books_Manager - Cross-Site Scripting via Mark Parameter in Add Book Check
CVSS 2.4
CVE-2026-24433 MEDIUM
Tenda W30E V2 <= 16.01.0.19(5037) - Stored Cross-Site Scripting via User Name Field
CVSS 5.4
CVE-2026-1446 MEDIUM
Esri ArcGIS Pro < 3.6.1 - Cross-Site Scripting via Specific Dialog
CVSS 5.0
CVE-2026-1429 MEDIUM
WellChoose Single Sign-On Portal System < iftop_p4_181 - Authenticated Reflected Cross-Site Scripting
CVSS 5.4
CVE-2026-1421 LOW
Online Examination System 1.0 - Stored Cross-Site Scripting in Add Pages
CVSS 3.5
CVE-2026-0862 MEDIUM
Save as PDF Plugin by PDFCrowd - WordPress <=4.5.5 - XSS
CVSS 6.1
CVE-2026-1302 MEDIUM
Meta-box GalleryMeta <= 3.0.1 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2026-1300 MEDIUM
Responsive Header plugin <1.0 - XSS
CVSS 4.4
CVE-2026-1266 MEDIUM
Postalicious WordPress <3.0.1 - XSS
CVSS 4.4
CVE-2026-1191 MEDIUM
JavaScript Notifier <= 1.2.8 - Authenticated Stored Cross-Site Scripting via Plugin Settings
CVSS 4.4
CVE-2026-1189 MEDIUM
LeadBI Plugin for WordPress <= 1.7 - Authenticated Stored Cross-Site Scripting via form_id Parameter
CVSS 6.4
CVE-2026-1127 MEDIUM
Timeline Event History <= 3.2 - Unauthenticated Reflected Cross-Site Scripting via ID Parameter
CVSS 6.1
CVE-2026-1098 MEDIUM
CM CSS Columns <= 1.2.1 - Authenticated Stored Cross-Site Scripting via Tag Shortcode Attribute
CVSS 6.4
CVE-2026-0800 HIGH
User Submitted Posts <20251210 - XSS
CVSS 7.2
CVE-2026-1099 MEDIUM
WordPress Administrative Shortcodes <0.3.4 - XSS
CVSS 6.4
CVE-2026-1097 MEDIUM
ThemeRuby Multi Authors - WordPress <1.0.0 - XSS
CVSS 6.4
CVE-2026-1095 MEDIUM
Canto Testimonials <= 1.0 - Authenticated Stored Cross-Site Scripting via 'fx' Shortcode Attribute
CVSS 6.4
CVE-2026-1084 MEDIUM
Cookie consent for developers plugin - WordPress <1.7.1 - XSS
CVSS 4.4
CVE-2026-24399 CRITICAL
ChatterMate <1.0.8 - Client-Side Injection
CVSS 9.3
CVE-2026-24128 MEDIUM
XWiki Platform 7.0-milestone-2-16.10.11, 17.0.0-rc-1-17.4.4, 17.5.0-rc-1-17.7.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2026-24127 MEDIUM
typemill < 2.19.2 - Reflected Cross-Site Scripting via Login Error Template
CVSS 5.4
CVE-2026-24632 MEDIUM
jagdish1o1 Delay Redirects <=1.0.0 - XSS
CVSS 5.9
CVE-2026-24630 MEDIUM
Stylish Cost Calculator <8.1.8 - XSS
CVSS 6.5
CVE-2026-24629 MEDIUM
Ability, Inc Web Accessibility <2.1.0 - XSS
CVSS 5.9
CVE-2026-24626 MEDIUM
LogicHunt Logo Slider <= 4.9.0 - XSS
CVSS 5.9
Details
Vulnerabilities 44,966
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits