CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,869 vulnerabilities with CWE-79
CVE-2026-30565 MEDIUM
SourceCodester Sales and Inventory System 1.0 - XSS
CVSS 6.1
CVE-2026-30564 MEDIUM
SourceCodester Sales and Inventory System 1.0 - XSS
CVSS 6.1
CVE-2026-30563 MEDIUM
SourceCodester Sales and Inventory System 1.0 - Stored XSS
CVSS 6.1
CVE-2026-30082 MEDIUM
IngEstate Server 11.14.0 - Stored XSS
CVSS 6.1
CVE-2026-5106 LOW
code-projects Exam Form Submission update_fst.php cross site scripting
CVSS 2.4
CVE-2026-2602 MEDIUM
Twentig <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'featuredImageSizeWidth'
CVSS 6.4
CVE-2026-5015 MEDIUM
elecV2 elecV2P Endpoint logs cross site scripting
CVSS 4.3
CVE-2026-2595 MEDIUM
Quads Ads Manager for Google AdSense <= 2.0.98.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Ad Metadata Parameters
CVSS 5.4
CVE-2026-4995 LOW
wandb OpenUI Window Message Event index.html cross site scripting
CVSS 3.5
CVE-2026-4992 MEDIUM
wandb OpenUI HTMLAnnotator server.py get_share HTML injection
CVSS 4.3
CVE-2026-4991 LOW
QDOCS Smart School Management System Admission Enquiry enquiry cross site scripting
CVSS 3.5
CVE-2026-33979 HIGH
Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk)
CVSS 8.2
CVE-2026-33976 CRITICAL
Notesnook vulnerable to RCE via stored XSS in Web Clipper rendering
CVSS 9.6
CVE-2026-33955 HIGH
Notesnook vulnerable to RCE via stored XSS in Note History diff viewer
CVSS 8.6
CVE-2026-33941 HIGH
Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
CVSS 8.2
CVE-2026-33916 MEDIUM
Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection
CVSS 4.7
CVE-2026-33883 MEDIUM
Statamic has Reflected XSS via unescaped redirect parameter in its password reset form tag
CVSS 6.1
CVE-2026-4973 LOW
SourceCodester Online Quiz System add-question.php cross site scripting
CVSS 3.5
CVE-2026-4972 LOW
code-projects Online Reviewer System btn_functions.php cross site scripting
CVSS 2.4
CVE-2026-33739 MEDIUM
FOG has Stored XSS in Multiple Management Pages
CVSS 5.7
CVE-2026-33045 MEDIUM
Home Assistant has stored XSS in history-graphs
CVSS 5.4
CVE-2026-33044 MEDIUM
Home Assistant has stored XSS in Map-card through malicious device name
CVSS 5.4
CVE-2026-4969 LOW
code-projects Social Networking Site Alert home.php cross site scripting
CVSS 3.5
CVE-2026-34375 HIGH
AVideo Vulnerable to Reflected XSS via Unsanitized plugin Parameter in YPTWallet Stripe Payment Page
CVSS 8.2
CVE-2026-30568 MEDIUM
SourceCodester Inventory System 1.0 - XSS
CVSS 4.8