CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,813 vulnerabilities with CWE-79
CVE-2026-42045 MEDIUM
LobeHub < 2.1.48 HTMLRenderer - Cross-Site Scripting to Remote Code Execution
CVSS 6.2
CVE-2026-41611 HIGH
Visual Studio Code Remote Code Execution Vulnerability
CVSS 7.8
CVE-2026-41610 MEDIUM
Visual Studio Code Security Feature Bypass Vulnerability
CVSS 6.3
CVE-2026-43939 HIGH
YAF.NET: Stored XSS in Forum Thread Posts/Replies Allowing Arbitrary JavaScript Execution for All Thread Viewers
CVSS 7.3
CVE-2026-43938 HIGH
YAF.NET: Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header
CVSS 8.1
CVE-2026-8391 MEDIUM
Firefox < 150.0.3 - Memory Corruption in JavaScript Engine
CVSS 5.3
CVE-2026-6813 MEDIUM
Continually <= 4.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'continually_embed_code' Parameter
CVSS 4.4
CVE-2026-6800 MEDIUM
FastBots <= 1.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings
CVSS 4.4
CVE-2026-33862 HIGH
Siemens Teamcenter V2312 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 7.3
CVE-2026-25789 HIGH
Siemens Simatic Drive Controller Cpu 1504D TF - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 7.1
CVE-2026-25787 CRITICAL
Siemens Simatic Drive Controller Cpu 1504D TF - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 9.1
CVE-2026-25786 CRITICAL
Siemens Simatic Drive Controller Cpu 1504D TF - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 9.1
CVE-2026-7661 MEDIUM
Bootstrap Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'box' Shortcode
CVSS 6.4
CVE-2026-7659 MEDIUM
Advanced Social Media Icons <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'social' Shortcode
CVSS 6.4
CVE-2026-7464 MEDIUM
WP Google Maps Integration <= 1.2 - Reflected Cross-Site Scripting via 'page' Parameter
CVSS 6.1
CVE-2026-7437 MEDIUM
AzonPost <= 1.3 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2026-6913 MEDIUM
Shortcodely <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'widget_area' Shortcode Attribute
CVSS 6.4
CVE-2026-6808 MEDIUM
Pricing Tables for WP <= 1.1.0 - Reflected Cross-Site Scripting via 'page' Parameter
CVSS 6.1
CVE-2026-6690 HIGH
LifePress <= 2.2.2 - Unauthenticated Stored Cross-Site Scripting via 'n' Parameter via lp_update_mds AJAX Action
CVSS 7.2
CVE-2026-6256 MEDIUM
Credits Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Shortcode Attribute
CVSS 6.4
CVE-2026-6247 MEDIUM
scratchblocks for WP <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute
CVSS 6.4
CVE-2026-6237 MEDIUM
Quick Table <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style' Shortcode Attribute
CVSS 6.4
CVE-2026-5715 MEDIUM
Voyage Plus <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post-content' Shortcode
CVSS 6.4
CVE-2026-5340 MEDIUM
Fancy Image Show <= 9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-4920 MEDIUM
Next Date <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'default' Shortcode Attribute
CVSS 6.4