CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,734 vulnerabilities with CWE-79
CVE-2026-46396 CRITICAL
HAX CMS <26.0.0 iframe Handling - Stored Cross-Site Scripting
CVE-2026-11338 LOW
SourceCodester Ship Ferry Ticket Reservation System manage_user cross site scripting
CVSS 2.4
CVE-2026-11337 MEDIUM
tittuvarghese CollegeManagementSystem fetch.php cross site scripting
CVSS 4.3
CVE-2026-38579 MEDIUM
damasac thaipalliative_lte <= 3.0 - Reflected Cross-Site Scripting via idFormMain, id, and ptid_key Parameters
CVSS 6.1
CVE-2026-50235 MEDIUM
Lyrion Music Server 9.2.0 Reflected XSS via search Parameters
CVSS 6.1
CVE-2026-50232 HIGH
Lyrion Music Server 9.2.0 Stored XSS via Metadata Tags
CVSS 7.2
CVE-2026-50231 HIGH
Lyrion Music Server 9.2.0 Unauthenticated Stored XSS via server.log
CVSS 7.2
CVE-2026-50230 MEDIUM
Lyrion Music Server 9.2.0 Reflected XSS via server.log
CVSS 6.1
CVE-2026-21825 MEDIUM
HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center
CVSS 6.1
CVE-2026-50592 MEDIUM
Znuny - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 6.4
CVE-2026-50591 MEDIUM
Znuny - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 5.4
CVE-2026-11273 MEDIUM
Google Chrome - Improper Input Validation
CVSS 6.1
CVE-2026-11186 MEDIUM
Google Chrome - XSS
CVSS 6.1
CVE-2026-11166 MEDIUM
Google Chrome - XSS
CVSS 6.8
CVE-2026-11150 MEDIUM
Google Chrome - XSS
CVSS 6.1
CVE-2026-41518 HIGH
Chartbrew 4.9.0-5.0.0 Chart Tooltip - Stored Cross-Site Scripting
CVSS 7.6
CVE-2026-43984 HIGH
Tautulli has stored XSS in logFile via guest-controlled log_js_errors input
CVSS 8.9
CVE-2026-10810 MEDIUM
itsourcecode Fees Management System navbar.php cross site scripting
CVSS 4.3
CVE-2026-37700 MEDIUM
MaxSite CMS 109.2 - Cross-Site Scripting via Backend Page File Upload Endpoint
CVSS 4.1
CVE-2026-42840 MEDIUM
ERPNext 16.16.0 - Stored XSS in POS customer section via unescaped template literals
CVE-2026-42839 MEDIUM
ERPNext 16.16.0 - Stored XSS in POS cart item rendering
CVE-2026-26378 MEDIUM
Koha < 25.11 - Stored Cross-Site Scripting via Invoice File Upload
CVSS 5.4
CVE-2026-39107 MEDIUM
Kimi AI 1.0 - Stored Cross-Site Scripting in Preview Feature
CVSS 6.3
CVE-2026-36460 MEDIUM
Dovestones Softwares ADPhonebook < 4.0.1.1 - Authenticated Stored Cross-Site Scripting via Admin Save API
CVSS 4.8
CVE-2026-20233 MEDIUM
Cisco Webex Meetings Cross-Site Scripting Vulnerability
CVSS 6.1