CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,966 vulnerabilities with CWE-79
CVE-2026-0627 MEDIUM
AMP for WP - Accelerated Mobile Pages <= 1.1.10 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2026-0563 MEDIUM
WP Google Street View & Google maps + Local SEO <1.1.8 - XSS
CVSS 6.4
CVE-2026-22714 LOW
MediaWiki Monaco Skin <1.45-1.39 - XSS
CVE-2026-22713 MEDIUM
MediaWiki GrowthExperiments Extension 1.39, 1.43-1.45 - Cross-Site Scripting
CVSS 5.4
CVE-2026-22710 MEDIUM
Wikimedia Wikibase 1.39, 1.43-1.45 - Cross-Site Scripting
CVSS 5.4
CVE-2026-0730 LOW
PHPGurukul Staff Leave Management System 1.0 - Cross-Site Scripting via Profile Pic Argument
CVSS 2.4
CVE-2026-22257 HIGH
salvo < 0.88.1 - Cross-Site Scripting via Unsanitized File and Folder Names
CVSS 8.8
CVE-2026-22256 HIGH
salvo < 0.88.1 - Reflected Cross-Site Scripting via Path Rendering
CVSS 8.8
CVE-2026-22587 MEDIUM
Ideagen DevonWay < 2.62.4 - Authenticated Stored Cross-Site Scripting in Reports Page
CVSS 5.5
CVE-2026-22233 MEDIUM
OPEXUS eCASE Audit 11.4.0-11.14.1.9 - Authenticated Stored Cross-Site Scripting via Estimated Staff Hours Field
CVSS 5.5
CVE-2026-22232 MEDIUM
OPEXUS eCASE Audit 11.4.0-11.14.1.9 - Authenticated Stored Cross-Site Scripting in Project Setup A or SIC Number Field
CVSS 5.5
CVE-2026-22231 MEDIUM
OPEXUS eCASE Audit 11.4.0-11.14.0 - Authenticated Stored Cross-Site Scripting via Document Check Out Comment
CVSS 5.5
CVE-2026-22519 MEDIUM
BuddyDev MediaPress <= 1.6.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2026-22518 MEDIUM
PencilWP X Addons for Elementor <1.0.23 - XSS
CVSS 6.5
CVE-2026-0671 MEDIUM
MediaWiki UploadWizard extension 1.39, 1.43-1.45 - Cross-Site Scripting
CVSS 6.1
CVE-2026-21873 HIGH
NiceGUI 2.22.0-3.4.1 - Cross-Site Scripting via Pushstate Event Listener
CVSS 7.2
CVE-2026-21872 MEDIUM
NiceGUI 2.22.0-3.4.1 - Stored Cross-Site Scripting via Sub-Page Click Event Listener
CVSS 6.1
CVE-2026-21871 MEDIUM
NiceGUI 2.13.0-3.4.1 - Cross-Site Scripting via History API Navigation Helpers
CVSS 6.1
CVE-2026-21855 CRITICAL
Tarkov Data Manager < 2025-01-02 - Reflected Cross-Site Scripting via Toast Notification System
CVSS 9.3
CVE-2026-0670 MEDIUM
MediaWiki - ProofreadPage Ext <1.45-1.39 - XSS
CVSS 6.1
CVE-2026-0618 MEDIUM
PowerShell Universal < 4.5.6 - Cross-Site Scripting
CVSS 6.1
CVE-2026-0642 LOW
projectworlds House Rental and Property Listing 1.0 - Cross-Site Scripting via Complaint Name Parameter
CVSS 2.4
CVE-2026-0588 LOW
RockOA < 2.7.1 - Cross-Site Scripting via rockfun.php Callback Parameter
CVSS 3.5
CVE-2026-0587 LOW
RockOA < 2.7.1 - Cross-Site Scripting via fengmian Parameter in Cover Image Handler
CVSS 3.5
CVE-2026-0586 MEDIUM
Online Product Reservation System 1.0 - Cross-Site Scripting via cat Parameter in prod.php
CVSS 4.3