CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

43,790 vulnerabilities with CWE-79
CVE-2026-7230 MEDIUM
SourceCodester Safety Anger Pad cross site scripting
CVSS 4.3
CVE-2026-6809 MEDIUM
Social Post Embed <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Threads Embed
CVSS 6.4
CVE-2026-6725 MEDIUM
WPC Smart Messages for WooCommerce <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute
CVSS 6.4
CVE-2026-6551 MEDIUM
Timeline Blocks for Gutenberg <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleTag' Block Attribute
CVSS 6.4
CVE-2026-7222 LOW
code-projects Coaching Management System Complaint Form complaint.php cross site scripting
CVSS 3.5
CVE-2026-7200 MEDIUM
SourceCodester Pharmacy Sales and Inventory System index.php cross site scripting
CVSS 4.3
CVE-2026-5362 MEDIUM
Pimcore Platform v12.3.3 - Stored XSS in Document Editable Embed rendering
CVE-2026-29971 MEDIUM
WebFileSys 2.31.1 - XSS
CVSS 6.1
CVE-2026-38936 MEDIUM
diskover-community <=2.3.5 - XSS
CVSS 6.1
CVE-2026-38935 MEDIUM
diskover-community <=2.3.5 - XSS
CVSS 6.1
CVE-2026-41467 MEDIUM
ProjeQtor < 12.4.4 Stored XSS via checkValidFileName()
CVSS 5.4
CVE-2026-41466 MEDIUM
ProjeQtor < 12.4.4 Stored XSS via checkValidHtmlText()
CVSS 5.4
CVE-2026-7129 MEDIUM
SourceCodester Pharmacy Sales and Inventory System index.php cross site scripting
CVSS 4.3
CVE-2026-7116 MEDIUM
code-projects Employee Management System mark.php cross site scripting
CVSS 4.3
CVE-2026-42410 MEDIUM
WordPress TheGem theme Elements (for Elementor) plugin < 5.12.1.1 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-7110 LOW
code-projects Invoice System in Laravel item cross site scripting
CVSS 3.5
CVE-2026-7095 MEDIUM
code-projects Employee Management System edit.php cross site scripting
CVSS 4.3
CVE-2026-7090 LOW
code-projects Chat System send_message.php cross site scripting
CVSS 2.4
CVE-2026-7089 MEDIUM
code-projects Home Service System Appointment Booking booking.php cross site scripting
CVSS 4.3
CVE-2026-7027 LOW
D-Link DSL-2740R Wireless Setup Section cross site scripting
CVSS 2.4
CVE-2026-7026 MEDIUM
D-Link DGS-3420 System Information Settings cross site scripting
CVSS 4.5
CVE-2026-7016 LOW
MaxSite CMS ushki Plugin cross site scripting
CVSS 2.4
CVE-2026-7015 LOW
MaxSite CMS Guestbook Plugin cross site scripting
CVSS 2.4
CVE-2026-7014 LOW
MaxSite CMS down_count Plugin cross site scripting
CVSS 2.4
CVE-2026-7013 LOW
MaxSite CMS mail_send Plugin cross site scripting
CVSS 2.4