CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,869 vulnerabilities with CWE-79
CVE-2026-20915 MEDIUM
Stored cross-site scripting in Pending Changes sidebar
CVSS 5.4
CVE-2026-4267 HIGH
Query Monitor <= 3.20.3 - Reflected Cross-Site Scripting via Request URI
CVSS 7.2
CVE-2026-34887 MEDIUM
WordPress Kubio AI Page Builder plugin <= 2.7.0 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-3107 MEDIUM
Teampass Password Import - Stored Cross-Site Scripting
CVSS 5.4
CVE-2026-3106 MEDIUM
Teampass Login Form - Blind Cross-Site Scripting
CVSS 5.4
CVE-2026-1877 MEDIUM
Auto Post Scheduler <= 1.84 - Cross-Site Request Forgery to Stored Cross-Site Scripting via aps_options_page
CVSS 6.1
CVE-2026-4146 MEDIUM
Loco Translate <= 2.8.2 - Reflected Cross-Site Scripting via 'update_href' Parameter
CVSS 6.1
CVE-2026-4794 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF
CVSS 4.8
CVE-2026-32734 HIGH
baserCMS: Multiple vulnerabilities in baserCMS
CVSS 7.1
CVE-2026-30879 MEDIUM
baserCMS: Cross-site scripting vulnerability in blog post
CVSS 6.1
CVE-2026-5157 MEDIUM
code-projects Online Food Ordering System Order order.php cross site scripting
CVSS 4.3
CVE-2026-34558 CRITICAL
CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CVSS 9.1
CVE-2026-34557 CRITICAL
CI4MS: Permissions Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CVSS 9.1
CVE-2026-27599 MEDIUM
CI4MS <0.31.0.0 Mail Settings - Stored Cross-Site Scripting
CVSS 4.7
CVE-2026-32275 CRITICAL
Tautulli: Unsanitized JSONP callback parameter allows cross-origin script injection and API key theft
CVSS 9.1
CVE-2026-27508 MEDIUM
Smoothwall Express < 3.1 Update 13 Reflected XSS in redirect.cgi via url Parameter
CVSS 5.4
CVE-2026-26352 MEDIUM
Smoothwall Express < 3.1 Update 13 Stored XSS in vpnmain.cgi via VPN_IP Parameter
CVSS 5.4
CVE-2026-30562 CRITICAL
SourceCodester Sales and Inventory System 1.0 - XSS
CVSS 9.3
CVE-2026-30561 MEDIUM
SourceCodester Sales and Inventory System 1.0 - XSS
CVSS 6.1
CVE-2026-30560 MEDIUM
SourceCodester Sales and Inventory System 1.0 - XSS
CVSS 6.1
CVE-2026-30559 MEDIUM
SourceCodester Sales and Inventory System 1.0 - XSS
CVSS 6.1
CVE-2026-30558 MEDIUM
SourceCodester Sales and Inventory System 1.0 - XSS
CVSS 6.1
CVE-2026-30557 MEDIUM
SourceCodester Sales and Inventory System 1.0 - XSS
CVSS 6.1
CVE-2026-30556 MEDIUM
SourceCodester Sales and Inventory System 1.0 - XSS
CVSS 6.1
CVE-2026-30566 MEDIUM
SourceCodester Sales and Inventory System 1.0 - XSS
CVSS 6.1