CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,819 vulnerabilities with CWE-79
CVE-2026-5362 MEDIUM
Pimcore Platform v12.3.3 - Stored XSS in Document Editable Embed rendering
CVSS 5.4
CVE-2026-29971 MEDIUM
WebFileSys < 2.32.0 - Reflected Cross-Site Scripting via FTP Backup, Authentication, Search, and Error Handling
CVSS 6.1
CVE-2026-38936 MEDIUM
diskover-community <= 2.3.5 - Reflected Cross-Site Scripting via namecontains Parameter
CVSS 6.1
CVE-2026-38935 MEDIUM
diskover-community <= 2.3.5 - Reflected Cross-Site Scripting via Doctype Parameter
CVSS 6.1
CVE-2026-41467 MEDIUM
ProjeQtor < 12.4.4 Stored XSS via checkValidFileName()
CVSS 5.4
CVE-2026-41466 MEDIUM
ProjeQtor < 12.4.4 Stored XSS via checkValidHtmlText()
CVSS 5.4
CVE-2026-7129 MEDIUM
SourceCodester Pharmacy Sales and Inventory System index.php cross site scripting
CVSS 4.3
CVE-2026-7116 MEDIUM
code-projects Employee Management System mark.php cross site scripting
CVSS 4.3
CVE-2026-42410 MEDIUM
WordPress TheGem theme Elements (for Elementor) plugin < 5.12.1.1 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-7110 LOW
code-projects Invoice System in Laravel item cross site scripting
CVSS 3.5
CVE-2026-7095 MEDIUM
code-projects Employee Management System edit.php cross site scripting
CVSS 4.3
CVE-2026-7090 LOW
code-projects Chat System send_message.php cross site scripting
CVSS 2.4
CVE-2026-7089 MEDIUM
code-projects Home Service System Appointment Booking booking.php cross site scripting
CVSS 4.3
CVE-2026-7027 LOW
D-Link DSL-2740R Wireless Setup Section cross site scripting
CVSS 2.4
CVE-2026-7026 MEDIUM
D-Link DGS-3420 System Information Settings cross site scripting
CVSS 4.5
CVE-2026-7016 LOW
MaxSite CMS ushki Plugin cross site scripting
CVSS 2.4
CVE-2026-7015 LOW
MaxSite CMS Guestbook Plugin cross site scripting
CVSS 2.4
CVE-2026-7014 LOW
MaxSite CMS down_count Plugin cross site scripting
CVSS 2.4
CVE-2026-7013 LOW
MaxSite CMS mail_send Plugin cross site scripting
CVSS 2.4
CVE-2026-7012 LOW
MaxSite CMS Redirect Plugin cross site scripting
CVSS 2.4
CVE-2026-7011 LOW
MaxSite CMS Antispam Plugin plugin_antispam cross site scripting
CVSS 2.4
CVE-2026-7001 LOW
Datacom DM4100 Ethernet Configuration cross site scripting
CVSS 2.4
CVE-2026-7000 LOW
Datacom DM4100 VLAN Page cross site scripting
CVSS 2.4
CVE-2026-6999 LOW
BIVOCOM TR321 Wireless Setting cross site scripting
CVSS 2.4
CVE-2026-6998 LOW
BDCOM P3310D New RMON Statistics cross site scripting
CVSS 2.4
Details
Vulnerabilities 44,819
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits