CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,869 vulnerabilities with CWE-79
CVE-2026-34071 MEDIUM
Stirling-PDF has Stored Cross Site Scripting (XSS) via EML-to-HTML Export
CVSS 5.4
CVE-2026-33402 MEDIUM
SAK-52311: Sakai site-manage group titles can contain XSS content
CVSS 6.1
CVE-2026-30162 MEDIUM
Timo 2.0.3 - Stored Cross-Site Scripting via Title Field
CVSS 6.1
CVE-2026-29934 MEDIUM
Lightcms v2.0 - Reflected Cross-Site Scripting via Referer Header
CVSS 6.1
CVE-2026-29933 MEDIUM
YZMCMS v7.4 - Reflected Cross-Site Scripting via Referrer Header
CVSS 6.1
CVE-2026-28298 MEDIUM
SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability
CVSS 5.9
CVE-2026-28297 MEDIUM
SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability
CVSS 6.1
CVE-2026-4877 MEDIUM
itsourcecode Payroll Management System index.php cross site scripting
CVSS 4.3
CVE-2026-2389 MEDIUM
Complianz – GDPR/CCPA Cookie Consent <= 7.4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Filter
CVSS 4.9
CVE-2026-2231 HIGH
Fluent Booking <= 2.0.01 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters
CVSS 7.2
CVE-2026-4849 MEDIUM
code-projects Simple Laundry System Parameter modify.php cross site scripting
CVSS 4.3
CVE-2026-4848 MEDIUM
dameng100 muucmf list.html cross site scripting
CVSS 4.3
CVE-2026-4847 MEDIUM
dameng100 muucmf list.html cross site scripting
CVSS 4.3
CVE-2026-4846 MEDIUM
dameng100 muucmf autoReply.html cross site scripting
CVSS 4.3
CVE-2026-4845 MEDIUM
dameng100 muucmf index.html cross site scripting
CVSS 4.3
CVE-2026-4389 MEDIUM
DSGVO snippet for Leaflet Map and its Extensions <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'unset' Attribute
CVSS 6.4
CVE-2026-4329 HIGH
Blackhole for Bad Bots <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header
CVSS 7.2
CVE-2026-4278 MEDIUM
Simple Download Counter <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute
CVSS 6.4
CVE-2026-4335 MEDIUM
ShortPixel Image Optimizer <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title
CVSS 5.4
CVE-2026-4075 MEDIUM
BWL Advanced FAQ Manager Lite <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sbox_id' Shortcode Attribute
CVSS 6.4
CVE-2026-1986 MEDIUM
FloristPress for Woo <= 7.8.2 - Reflected Cross-Site Scripting via 'noresults' Parameter
CVSS 6.1
CVE-2026-4835 LOW
code-projects Accounting System Web Application add_costumer.php cross site scripting
CVSS 3.5
CVE-2026-33933 MEDIUM
Reflected XSS via Unescaped contextName Parameter in Custom Template Editor
CVSS 6.1
CVE-2026-33932 HIGH
OpenEMR has Stored XSS in CCDA Preview via Unsanitized linkHtml Attributes
CVSS 7.6
CVE-2026-33912 MEDIUM
OpenEMR has reflected XSS in ajax_download.php via reportID parameter
CVSS 5.4