CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,966 vulnerabilities with CWE-79
CVE-2026-0833 MEDIUM
Team Section Block < 2.0.0 - Authenticated Stored Cross-Site Scripting via Social Network Link URLs
CVSS 6.4
CVE-2026-0691 MEDIUM
CM E-Mail Blacklist < 1.6.2 - Authenticated Stored Cross-Site Scripting via Black Email Parameter
CVSS 4.4
CVE-2026-0518 MEDIUM
Absolute Secure Access < 14.20 - Authenticated Cross-Site Scripting
CVSS 4.8
CVE-2026-23643 MEDIUM
CakePHP 5.2.10-5.2.11 - Cross-Site Scripting via PaginatorHelper Limit Control
CVSS 5.4
CVE-2026-23725 MEDIUM
WeGIA < 3.6.2 - Stored Cross-Site Scripting in Adopters Information Table
CVSS 5.4
CVE-2026-23724 MEDIUM
WeGIA < 3.6.2 - Stored Cross-Site Scripting in Atendido Selection Dropdown
CVSS 4.3
CVE-2026-23722 CRITICAL
WeGIA < 3.6.2 - Unauthenticated Reflected Cross-Site Scripting via id_memorando Parameter
CVSS 9.1
CVE-2026-23645 MEDIUM
SiYuan < 3.5.4-dev2 - Stored Cross-Site Scripting via SVG File Upload
CVSS 6.1
CVE-2026-23528 MEDIUM
Dask distributed < 2026.1.0 - Cross-Site Scripting via Jupyter Lab Dashboard Proxy
CVSS 6.1
CVE-2026-0949 MEDIUM
Postgres Enterprise Manager < 9.8.1 - Stored Cross-Site Scripting in Chart Caption Renderer
CVSS 6.5
CVE-2026-21624 MEDIUM
EasyDiscuss 1.0.0-5.0.14 - Stored Cross-Site Scripting in User Avatar Text Handling
CVSS 5.4
CVE-2026-21623 MEDIUM
EasyDiscuss 1.0.0-5.0.14 - Stored Cross-Site Scripting in Forum Post Handling
CVSS 5.4
CVE-2026-0695 HIGH
ConnectWise Professional Service Automation < 2026.1 - Stored Cross-Site Scripting in Time Entry Audit Trail
CVSS 8.7
CVE-2026-20894 MEDIUM
TOA Corporation Multiple Network Cameras TRIFORA 3 series - Stored Cross-Site Scripting in Setting Screen
CVSS 4.8
CVE-2026-0913 MEDIUM
User Submitted Posts - WordPress < 20260110 - XSS
CVSS 6.4
CVE-2026-0916 MEDIUM
WordPress Related Posts by Taxonomy < 2.7.6 - XSS
CVSS 6.4
CVE-2026-23769 MEDIUM
lucy-xss-filter < 2025-06-08 - Cross-Site Scripting via Misconfigured Default Superset Rule Files
CVSS 6.1
CVE-2026-0858 MEDIUM
PlantUML < 1.2026.0 - Stored Cross-Site Scripting via GraphViz Diagram Interactive Attributes
CVSS 6.1
CVE-2026-1011 MEDIUM
Altium Live < 1.1.1.39 - Stored Cross-Site Scripting via AddComment Endpoint
CVSS 6.1
CVE-2026-1010 HIGH
Altium On-Prem Enterprise Server - Authenticated Stored Cross-Site Scripting via Workflow Form Submission
CVSS 8.0
CVE-2026-1009 CRITICAL
Altium Live - Authenticated Stored Cross-Site Scripting in Forum Post Content
CVSS 9.0
CVE-2026-1008 HIGH
Altium 365 - Authenticated Stored Cross-Site Scripting via User Profile Text Fields
CVSS 7.6
CVE-2026-22867 HIGH
LaSuite Doc 3.8.0-4.3.0 - Stored Cross-Site Scripting via Interlinking Feature
CVSS 8.7
CVE-2026-20076 MEDIUM
Cisco Identity Services Engine - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2026-20075 MEDIUM
Cisco EPNM/Prime Infrastructure - XSS
CVSS 4.8