CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,867 vulnerabilities with CWE-79
CVE-2026-34808 MEDIUM
Endian Firewall /cgi-bin/outgoingfw.cgi remark Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34807 MEDIUM
Endian Firewall /cgi-bin/incoming.cgi remark Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34806 MEDIUM
Endian Firewall /cgi-bin/snat.cgi remark Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34805 MEDIUM
Endian Firewall /cgi-bin/dnat.cgi remark Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34804 MEDIUM
Endian Firewall /manage/qos/rules/ dscp Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34803 MEDIUM
Endian Firewall /manage/qos/classes/ name Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34802 MEDIUM
Endian Firewall /cgi-bin/salearn.cgi remark user ham spam Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34801 MEDIUM
Endian Firewall /manage/dhcp/fixed_leases/ remark Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34800 MEDIUM
Endian Firewall /cgi-bin/uplinkeditor.cgi NAME Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34799 MEDIUM
Endian Firewall /manage/dnsmasq/hosts/ remark Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34798 MEDIUM
Endian Firewall /cgi-bin/routing.cgi remark Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-34729 MEDIUM
phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes()
CVSS 6.1
CVE-2026-32629 MEDIUM
phpMyFAQ: Stored XSS via Unsanitized Email Field in Admin FAQ Editor
CVSS 6.1
CVE-2026-5332 LOW
Xiaopi Panel WAF Firewall demo.php cross site scripting
CVSS 3.5
CVE-2026-2737 MEDIUM
Possibility of unintended actions when an administrator clicks a malicious link in the Progress Flowmon web application
CVSS 6.1
CVE-2026-34890 MEDIUM
WordPress MSTW League Manager plugin <= 2.10 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-29136 MEDIUM
SEPPmail Secure Email Gateway - CA Notification HTML Injection
CVSS 6.1
CVE-2026-5325 LOW
SourceCodester Simple Customer Relationship Management System Create Ticket create-ticket.php cross site scripting
CVSS 3.5
CVE-2026-5319 MEDIUM
itsourcecode Payroll Management System navbar.php cross site scripting
CVSS 4.3
CVE-2026-1243 MEDIUM
IBM Content Navigator is affected by , a Cross-Site Scripting (XSS) vulnerability
CVSS 5.4
CVE-2026-34571 CRITICAL
CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise
CVSS 9.9
CVE-2026-34569 CRITICAL
CI4MS: Blogs Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CVSS 9.9
CVE-2026-34568 CRITICAL
CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CVSS 9.1
CVE-2026-34567 CRITICAL
CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CVSS 9.1
CVE-2026-34566 CRITICAL
CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CVSS 9.1