CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,736 vulnerabilities with CWE-79
CVE-2026-9806 MEDIUM
Stored Cross-Site Scripting (XSS) in CTI Transmute Notification Panel via Malicious Convert Names
CVE-2026-7660 MEDIUM
Easy Updates Manager <= 9.0.20 - Reflected Cross-Site Scripting via 'paged' Parameter
CVSS 6.1
CVE-2026-7634 HIGH
SlimStat Analytics <= 5.4.11 - Unauthenticated Stored Cross-Site Scripting via User-Agent Header
CVSS 7.2
CVE-2026-7052 HIGH
HT Contact Form <= 2.8.2 - Unauthenticated Stored Cross-Site Scripting via File Upload Field
CVSS 7.2
CVE-2026-6427 MEDIUM
a3 Lazy Load <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Element
CVSS 6.4
CVE-2026-9644 MEDIUM
LiveSmart Video Chat <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-2374 HIGH
Login No Captcha reCAPTCHA <= 1.8.0 - Unauthenticated Stored Cross-Site Scripting via PHP_SELF
CVSS 7.2
CVE-2026-42877 MEDIUM
FacturaScripts: Stored XSS via product reference in sales/purchases
CVSS 5.4
CVE-2026-42197 HIGH
RELATE Vulnerable to Stored XSS via Unprivileged User Profile
CVSS 8.7
CVE-2026-48149 HIGH
Budibase: Stored XSS in Text component: BASIC users execute JS in admin session via MarkdownViewer innerHTML + CDN+srcdoc CSP bypass
CVSS 8.1
CVE-2026-46426 HIGH
Budibase: Unrestricted Upload of File with Dangerous Type
CVSS 7.6
CVE-2026-38931 MEDIUM
creatorsofcode simplephp - Stored Cross-Site Scripting in /admin/config-module.php
CVSS 5.4
CVE-2026-49102 MEDIUM
Webmin < 2.640 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 6.1
CVE-2026-49044 MEDIUM
WordPress Advanced Custom Fields: Font Awesome Field plugin <= 5.0.2 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-48927 MEDIUM
Jenkins Buildgraph-view Plugin < 1.8 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 5.5
CVE-2026-47119 MEDIUM
Agent Zero < 1.15 Stored XSS via image_get API Endpoint
CVSS 6.1
CVE-2026-42762 HIGH
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.9 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-42759 HIGH
WordPress Affiliate Super Assistent plugin <= 1.10.1 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-42754 HIGH
WordPress Favicon plugin <= 1.3.46 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-42751 MEDIUM
WordPress Booking Manager plugin <= 2.1.18 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-42750 MEDIUM
WordPress WPComplete plugin <= 2.9.5.4 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-42739 HIGH
WordPress Advanced IP Blocker plugin <= 8.10.7 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-42738 HIGH
WordPress Smart Online Order for Clover plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-42734 HIGH
WordPress Geo Mashup plugin <= 1.13.19 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-42733 HIGH
WordPress WPCS plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1