CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,869 vulnerabilities with CWE-79
CVE-2026-34567 CRITICAL
CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CVSS 9.1
CVE-2026-34566 CRITICAL
CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CVSS 9.1
CVE-2026-34565 CRITICAL
CI4MS: Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CVSS 9.1
CVE-2026-34564 CRITICAL
CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CVSS 9.1
CVE-2026-34563 CRITICAL
CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS
CVSS 9.1
CVE-2026-34562 MEDIUM
CI4MS <0.31.0.0 Company Information Settings - Stored Cross-Site Scripting
CVSS 4.7
CVE-2026-34561 MEDIUM
CI4MS <0.31.0.0 Social Media Settings - Stored Cross-Site Scripting
CVSS 4.7
CVE-2026-34560 CRITICAL
CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CVSS 9.1
CVE-2026-34559 CRITICAL
CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CVSS 9.1
CVE-2026-4364 MEDIUM
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
CVSS 5.4
CVE-2026-34530 MEDIUM
File Browser is vulnerable to Stored Cross-Site Scripting via text/template branding injection
CVSS 6.9
CVE-2026-34529 HIGH
File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file
CVSS 7.6
CVE-2026-34748 HIGH
@payloadcms/next has Stored XSS in Admin Panel
CVSS 8.7
CVE-2026-33978 MEDIUM
Notesnook: Stored XSS in mobile share editor via unescaped web clip title metadata
CVSS 5.4
CVE-2026-20090 MEDIUM
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
CVSS 4.8
CVE-2026-20089 MEDIUM
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
CVSS 4.8
CVE-2026-20088 MEDIUM
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
CVSS 4.8
CVE-2026-20087 MEDIUM
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
CVSS 4.8
CVE-2026-20085 MEDIUM
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
CVSS 6.1
CVE-2026-30526 MEDIUM
SourceCodester Zoo Management System 1.0 - XSS
CVSS 6.1
CVE-2026-29598 MEDIUM
DDSN Interactive Acora CMS 10.7.1 - XSS
CVSS 5.4
CVE-2026-3877 MEDIUM
Reflected Cross-Site Scripting in Dashboard Search
CVSS 6.1
CVE-2026-21632 MEDIUM
Joomla! Core - [20260304] - XSS vectors in various article title outputs
CVSS 5.4
CVE-2026-21631 MEDIUM
Joomla! Core - [20260303] - XSS vector in com_associations comparison view
CVSS 5.4
CVE-2026-34889 MEDIUM
WordPress Ultimate Addons for WPBakery Page Builder plugin < 3.21.4 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
Details
Vulnerabilities 44,869
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits