CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,966 vulnerabilities with CWE-79
CVE-2026-22463 MEDIUM
Micro.company Form to Chat App <= 1.2.5 - XSS
CVSS 6.5
CVE-2026-22388 MEDIUM
Imran Emu Owl Carousel WP <2.2.2 - XSS
CVSS 5.9
CVE-2026-22353 MEDIUM
teachPress <= 9.0.12 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2026-22349 MEDIUM
Menu In Post <= 1.4.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2026-22347 MEDIUM
Carousel Horizontal Posts Content Slider <4 - XSS
CVSS 6.5
CVE-2026-0535 HIGH
Autodesk Fusion < 2606.1.21 - Stored Cross-Site Scripting via Component Description
CVSS 8.1
CVE-2026-0534 HIGH
Autodesk Fusion < 2606.1.21 - Stored Cross-Site Scripting via Part Attribute
CVSS 8.1
CVE-2026-0533 HIGH
Autodesk Fusion < 2606.1.21 - Stored Cross-Site Scripting via Design Name in Delete Confirmation Dialog
CVSS 8.1
CVE-2026-24037 MEDIUM
Horilla 1.4.0 - Stored Cross-Site Scripting via Incomplete Regex Filter Bypass
CVSS 4.8
CVE-2026-23887 MEDIUM
Group-Office <6.8.148 & 25.0.1-25.0.79 - XSS
CVSS 5.4
CVE-2026-23630 MEDIUM
docmost 0.3.0-0.23.2 - Stored Cross-Site Scripting via Mermaid Diagram Rendering
CVSS 5.4
CVE-2026-23960 MEDIUM
Argo Workflows < 3.6.17 - Stored Cross-Site Scripting in Artifact Directory Listing
CVSS 5.4
CVE-2026-23516 MEDIUM
CVAT 2.2.0-2.54.0 - Stored Cross-Site Scripting via Malicious Label or SVG Upload
CVSS 5.4
CVE-2026-23499 MEDIUM
Saleor <3.20.108-3.22.27 - Code Injection
CVSS 5.4
CVE-2026-22849 MEDIUM
Saleor 3.0.0-3.20.107 - Stored Cross-Site Scripting via Rich Text HTML Injection
CVSS 4.8
CVE-2026-22808 MEDIUM
fleetdm/fleet < 4.78.2 - Unauthenticated Stored XSS via Windows MDM
CVSS 5.4
CVE-2026-20109 MEDIUM
Cisco Packaged CCE/Unified CCE - XSS
CVSS 4.8
CVE-2026-20055 MEDIUM
Cisco Packaged CCE/Unified CCE - XSS
CVSS 4.8
CVE-2026-21951 MEDIUM
Oracle PeopleSoft Enterprise PeopleTools 8.60-8.62 - Unauthenticated Cross-Site Scripting in Integration Broker
CVSS 6.1
CVE-2026-21947 LOW
Oracle Java SE 8u471-b50 - Unauthenticated Cross-Site Scripting in JavaFX
CVSS 3.1
CVE-2026-21946 MEDIUM
Oracle JD Edwards EnterpriseOne Tools 9.2.0.0-9.2.26.0 - Unauthenticated Cross-Site Scripting in Web Runtime SEC
CVSS 6.1
CVE-2026-21944 MEDIUM
Oracle Agile Product Lifecycle Management for Process 6.2.4 - Cross-Site Scripting
CVSS 6.5
CVE-2026-21943 MEDIUM
Oracle Scripting 12.2.3-12.2.15 - Unauthenticated Cross-Site Scripting
CVSS 6.1
CVE-2026-21664 MEDIUM
Revive Adserver 6.0.0-6.0.3 - Reflected Cross-Site Scripting via afr.php Parameter
CVSS 6.1
CVE-2026-21663 MEDIUM
Revive Adserver 6.0.0-6.0.3 - Reflected Cross-Site Scripting in banner-acl.php
CVSS 6.1