CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,734 vulnerabilities with CWE-79
CVE-2026-42321
HIGH
GLPI has stored XSS in asset locks
CVE-2026-36748
CRITICAL
RockRMS < 17.7.0 - Stored Cross-Site Scripting via Social Media Links
CVSS 9.0
CVE-2026-47324
MEDIUM
Stored XSS in Multiple Points in ProjectsAndPrograms school-management-system
CVE-2026-7421
MEDIUM
Passeum Ticketing <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'shop_name' Setting
CVSS 4.4
CVE-2026-40108
HIGH
GLPI Vulnerable to Stored XSS in ITIL Costs
CVE-2026-35212
MEDIUM
OpenCTI has XSS in the rendering of email-message observable body data
CVSS 6.1
CVE-2026-42849
CRITICAL
authentik: Reflected XSS in SFE AutosubmitStage allows IDP account takeover
CVSS 9.3
CVE-2026-5385
HIGH
GLPI 11.0.0 - Stored XSS in knowledge base
CVE-2026-33553
MEDIUM
CFEngine Enterprise 3.24.3-3.24.4 and 3.27.0-3.27.1 - Cross-Site Scripting
CVSS 6.1
CVE-2026-33245
HIGH
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
CVSS 8.0
CVE-2026-30586
MEDIUM
usememos Memos 0.26.0 - Cross-Site Scripting via Memo Rendering Component
CVSS 6.1
CVE-2026-33244
MEDIUM
React Router has stored XSS via unescaped Location header in prerendered redirect HTML
CVSS 5.4
CVE-2026-7299
MEDIUM
Appsmith < 2.1 - XSS
CVSS 6.3
CVE-2026-32250
MEDIUM
NamelessMC has Reflected Cross-Site Scripting (XSS) in id parameter of /index.php?route=/queries/user/
CVSS 4.3
CVE-2026-28116
MEDIUM
WordPress Progress Planner plugin <= 1.9.0 - Cross Site Scripting (XSS) vulnerability
CVSS 5.9
CVE-2026-42685
HIGH
WordPress WP Job Portal plugin <= 2.5.1 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-5191
MEDIUM
Tiled Gallery Carousel Without JetPack <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-image-title'
CVSS 5.4
CVE-2026-34907
MEDIUM
Reflected Cross-Site Scripting (XSS) in Wirtualna Uczelnia
CVE-2026-8885
MEDIUM
DeMomentSomTres Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-4081
MEDIUM
ZeM STL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-4080
MEDIUM
Easy Cart <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-2425
MEDIUM
hiWeb Migration Simple <= 2.0.0.1 - Reflected Cross-Site Scripting via 'new_domain' Parameter
CVSS 6.1
CVE-2026-2382
MEDIUM
FPW Category Thumbnails <= 1.9.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'id' Parameter
CVSS 6.4
CVE-2026-1451
MEDIUM
rognone <= 0.6.2 - Reflected Cross-Site Scripting via 'a' Parameter
CVSS 6.1
CVE-2026-1450
MEDIUM
rognone <= 0.6.2 - Reflected Cross-Site Scripting via 'mode' Parameter
CVSS 6.1
Details
Vulnerabilities: 44,734
Exploit Likelihood: High