CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,966 vulnerabilities with CWE-79
CVE-2026-21642 MEDIUM
Revive Adserver < 6.0.4 - Reflected Cross-Site Scripting via banner-acl.php and channel-acl.php
CVSS 6.1
CVE-2026-0690 MEDIUM
FlatPM - Ad Manager <= 3.2.2 - Authenticated Stored XSS via rank_math_description
CVSS 6.4
CVE-2026-0608 MEDIUM
Head Meta Data <= 20251118 - Authenticated Stored Cross-Site Scripting via Post Meta Field
CVSS 6.4
CVE-2026-1183 MEDIUM
Botble TransP Athena Martfury Homzen - Stored Cross-Site Scripting via Search q Parameter
CVE-2026-1045 MEDIUM
Viet contact <= 1.3.2 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2026-1042 MEDIUM
WP Hello Bar <= 1.02 - Authenticated Stored Cross-Site Scripting via digit_one and digit_two Parameters
CVSS 4.4
CVE-2026-23880 HIGH
OnboardLite <commit 1d32081a66f21bcf41df1ecb672490b13f6e429f - XSS
CVSS 7.3
CVE-2026-23852 CRITICAL
SiYuan < 3.5.4 - Stored Cross-Site Scripting via Block Icon Attribute
CVSS 9.6
CVE-2026-23847 MEDIUM
SiYuan < 3.5.4 - Reflected Cross-Site Scripting via Dynamic Icon SVG Content Parameter
CVSS 6.1
CVE-2026-23841 CRITICAL
Movary < 0.70.0 - Cross-Site Scripting via CategoryCreated Parameter
CVSS 9.3
CVE-2026-23840 CRITICAL
Movary < 0.70.0 - Cross-Site Scripting via CategoryDeleted Parameter
CVSS 9.3
CVE-2026-23839 CRITICAL
Movary < 0.70.0 - Cross-Site Scripting via CategoryUpdated Parameter
CVSS 9.3
CVE-2026-23625 HIGH
OpenProject 16.3.0-16.6.4 - Stored Cross-Site Scripting in Roadmap View
CVSS 8.7
CVE-2026-1161 LOW
pbrong hrms 1.0.1 - Cross-Site Scripting in UpdateRecruitmentById Function
CVSS 3.5
CVE-2026-21618 MEDIUM
hexpm - Cross-Site Scripting in SharedAuthorizationView render_grouped_scopes
CVSS 6.1
CVE-2026-1151 LOW
technical-laohu mpay < 1.2.4 - Cross-Site Scripting via Nickname Parameter
CVSS 2.4
CVE-2026-1147 LOW
Patients Waiting Area Queue Management System 1.0 - Cross-Site Scripting via Reason Parameter
CVSS 3.5
CVE-2026-1146 LOW
Patients Waiting Area Queue Management System 1.0 - Cross-Site Scripting via firstName/lastName Parameter
CVSS 3.5
CVE-2026-1136 LOW
lcg0124 BootDo <e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb - XSS
CVSS 3.5
CVE-2026-1135 MEDIUM
itsourcecode Society Management System 1.0 - Cross-Site Scripting via Title Parameter in Activity Page
CVSS 4.3
CVE-2026-1134 MEDIUM
Society Management System 1.0 - Cross-Site Scripting via Expenses Detail Parameter
CVSS 4.3
CVE-2026-23525 MEDIUM
1Panel < 1.10.34 - Stored Cross-Site Scripting in App Store Application Details
CVSS 6.4
CVE-2026-1049 LOW
LigeroSmart < 6.1.26 - Cross-Site Scripting via TicketID Parameter in /otrs/index.pl
CVSS 3.5
CVE-2026-1048 LOW
ligerosmart < 6.1.26 - Cross-Site Scripting via TicketID Parameter in AgentTicketZoom
CVSS 3.5
CVE-2026-0725 MEDIUM
Integrate Dynamics 365 CRM plugin - WordPress <1.1.1 - XSS
CVSS 4.4