CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,813 vulnerabilities with CWE-79
CVE-2026-42612 HIGH
Grav: Publisher-Level Stored XSS via Unquoted Event Attributes
CVSS 8.5
CVE-2026-42611 HIGH
Grav: Stored XSS via Tag Injection
CVSS 8.9
CVE-2026-3320 MEDIUM
Cradle eCommerce Product Endpoint - Reflected Cross-Site Scripting
CVE-2026-3319 MEDIUM
Cradle eCommerce Collection Endpoint - Reflected Cross-Site Scripting
CVE-2026-34089 LOW
Memory leak in Scribunto causes runJobs.php to run out of memory
CVE-2026-6956 MEDIUM
Reflected XSS in ATutor
CVE-2026-6909 MEDIUM
Reflected XSS in ATutor
CVE-2026-8262 LOW
Devs Palace ERP Online chart-save cross site scripting
CVSS 2.4
CVE-2026-8256 LOW
Devs Palace ERP Online mr-save cross site scripting
CVSS 2.4
CVE-2026-8255 LOW
Devs Palace ERP Online add_new_customer cross site scripting
CVSS 2.4
CVE-2026-8254 LOW
Devs Palace ERP Online sales_save cross site scripting
CVSS 2.4
CVE-2026-8253 LOW
Devs Palace ERP Online purchase_save cross site scripting
CVSS 2.4
CVE-2026-6735 MEDIUM
XSS within PHP-FPM status endpoint
CVSS 6.1
CVE-2026-8221 LOW
Devs Palace ERP Online item-save cross site scripting
CVSS 2.4
CVE-2026-8220 LOW
Devs Palace ERP Online customer-save cross site scripting
CVSS 2.4
CVE-2026-8219 LOW
Devs Palace ERP Online supplier-save cross site scripting
CVSS 2.4
CVE-2026-8218 LOW
Devs Palace ERP Online purchase_return_save cross site scripting
CVSS 2.4
CVE-2026-8195 MEDIUM
JeecgBoot SVG File CommonController.java cross site scripting
CVSS 4.3
CVE-2026-42455 HIGH
LinkWarden: Stored XSS via Client-Side Archive Upload (Unsanitized HTML served from same origin)
CVE-2026-42556 HIGH
Postiz stored XSS in public preview page
CVSS 8.9
CVE-2026-42451 MEDIUM
Grimmory: Stored XSS via Malicious EPUB Enables Session Token Theft
CVSS 6.3
CVE-2026-42224 HIGH
Icinga ipl/web < 0.13.1 - Reflected Cross-Site Scripting
CVSS 7.6
CVE-2026-42192 MEDIUM
Plunk: Stored XSS in campaign view
CVSS 5.4
CVE-2026-42794 MEDIUM
Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug
CVSS 6.1
CVE-2026-41886 HIGH
locize Client SDK: Cross-origin DOM XSS & Handler Hijack Through Missing e.origin Validation in InContext Editor
CVSS 7.5