CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,819 vulnerabilities with CWE-79
CVE-2026-3361
MEDIUM
WP Store Locator <= 2.2.261 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsl_address' Post Meta
CVSS 6.4
CVE-2026-3007
MEDIUM
Koollab Learning Management System >=5.3.2 <5.3.2 - Stored Cross-Site Scripting in Courselet Feature
CVSS 5.4
CVE-2026-2951
MEDIUM
Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutentor Block HTML
CVSS 5.4
CVE-2026-41200
HIGH
STIG Manager OIDC Error Handling - Reflected Cross-Site Scripting
CVE-2026-1923
MEDIUM
Social Rocket – Social Sharing Plugin <= 1.3.4.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via id
CVSS 6.4
CVE-2026-4919
MEDIUM
IBM Guardium Data Protection is affected by multiple vulnerabilities
CVSS 4.8
CVE-2026-4918
MEDIUM
IBM Guardium Data Protection is affected by multiple vulnerabilities
CVSS 5.5
CVE-2026-3837
MEDIUM
Frappe Framework 16.10.0 - Stored DOM XSS in Multiple Field Formatters
CVSS 5.4
CVE-2026-3673
MEDIUM
Frappe Framework 16.10.0 - Stored DOM XSS in Tag Pill Renderer
CVSS 5.4
CVE-2026-5262
HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
CVSS 8.0
CVE-2026-30139
MEDIUM
Silverpeas Core < 6.4.6 - Reflected Cross-Site Scripting via AdvancedSearch Functionality
CVSS 6.1
CVE-2026-1913
MEDIUM
Gallagher Website Design <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'prefix' Shortcode Attribute
CVSS 6.4
CVE-2026-1395
MEDIUM
Gutentools <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Slider Block Attributes
CVSS 6.4
CVE-2026-6246
MEDIUM
Simple Random Posts Shortcode <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'container_right_width' Shortcode Attribute
CVSS 6.4
CVE-2026-6236
MEDIUM
Posts map <= 0.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute
CVSS 6.4
CVE-2026-6041
MEDIUM
Buzz Comments <= 0.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Buzz Avatar' Setting
CVSS 4.4
CVE-2026-5820
MEDIUM
Zypento Blocks <= 1.0.6 - Authenticated (Author+) Stored Cross-Site Scripting via Table of Contents Block
CVSS 6.4
CVE-2026-5767
MEDIUM
SlideShowPro SC <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'album' Shortcode Attribute
CVSS 6.4
CVE-2026-5748
MEDIUM
Text Snippets <= 0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'w' Shortcode Attribute
CVSS 6.4
CVE-2026-4353
MEDIUM
CI HUB Connector <= 1.2.106 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute
CVSS 6.4
CVE-2026-4279
MEDIUM
Bread & Butter: Content Gating for Verified Leads <= 8.2.0.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-4142
MEDIUM
Sentence To SEO (keywords, description and tags) <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Permanent keywords' Field
CVSS 4.4
CVE-2026-4125
MEDIUM
WPMK Block <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-4089
MEDIUM
Twittee Text Tweet <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute
CVSS 6.4
CVE-2026-4088
MEDIUM
Switch CTA Box <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS 6.4