CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,867 vulnerabilities with CWE-79
CVE-2026-30252 MEDIUM
ZenShare Suite 17.0 - Reflected XSS
CVSS 6.1
CVE-2026-30251 MEDIUM
Interzen ZenShare Suite 17.0 - Reflected Cross-Site Scripting via codice_azienda Parameter
CVSS 6.1
CVE-2026-34932 CRITICAL
hoppscotch: Stored XSS via mock server responses on backend origin
CVSS 9.3
CVE-2026-34848 MEDIUM
hoppscotch: Stored XSS in team member overflow tooltip via display name
CVSS 5.4
CVE-2026-5429 HIGH
Kiro IDE Webview Cross-Site Scripting via Workspace Color Theme
CVSS 7.8
CVE-2026-5370 LOW
krayin laravel-crm Activities Module/Notes inbox.spec.ts composeMail cross site scripting
CVSS 3.5
CVE-2026-34725 HIGH
dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration
CVSS 8.2
CVE-2026-34606 MEDIUM
Stored XSS in Frappe LMS
CVSS 6.1
CVE-2026-34598 MEDIUM
YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter"
CVSS 6.1
CVE-2026-34974 MEDIUM
phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding leads to Stored XSS and Privilege Escalation
CVSS 5.4
CVE-2026-34823 MEDIUM
Endian Firewall /manage/password/web/ remark Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34822 MEDIUM
Endian Firewall /manage/ca/certificate/ new_cert_name Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34821 MEDIUM
Endian Firewall /manage/vpnauthentication/user/ remark Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34820 MEDIUM
Endian Firewall /manage/ipsec/ remark Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34819 MEDIUM
Endian Firewall /cgi-bin/openvpnclient.cgi REMARK Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34818 MEDIUM
Endian Firewall /manage/dnsmasq/localdomains/ remark Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34817 MEDIUM
Endian Firewall /cgi-bin/smtprouting.cgi ADDRESS BCC Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34816 MEDIUM
Endian Firewall /manage/smtpscan/domainrouting/ domain Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34815 MEDIUM
Endian Firewall /cgi-bin/smtpdomains.cgi DOMAIN Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34814 MEDIUM
Endian Firewall /cgi-bin/proxygroup.cgi group Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34813 MEDIUM
Endian Firewall /cgi-bin/proxyuser.cgi user Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34812 MEDIUM
Endian Firewall /cgi-bin/proxypolicy.cgi mimetypes Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34811 MEDIUM
Endian Firewall /cgi-bin/xtaccess.cgi remark Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34810 MEDIUM
Endian Firewall /cgi-bin/vpnfw.cgi remark Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34809 MEDIUM
Endian Firewall /cgi-bin/zonefw.cgi remark Stored Cross-Site Scripting
CVSS 6.4
Details
Vulnerabilities 44,867
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits