CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,880 vulnerabilities with CWE-79
CVE-2026-23807 HIGH
WordPress WP Telegram Widget and Join Link plugin <= 2.2.13 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-22524 HIGH
WordPress Legacy Admin plugin <= 9.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-22523 HIGH
WordPress Ultra WordPress Admin plugin <= 11.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-22520 HIGH
WordPress Handmade Framework plugin <= 3.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-22491 HIGH
WordPress My auctions allegro plugin <= 3.6.35 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-3218 MEDIUM
Responsive Favicons - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-019
CVSS 4.8
CVE-2026-3217 MEDIUM
SAML SSO - Service Provider - Critical - Cross-site scripting - SA-CONTRIB-2026-018
CVSS 6.1
CVE-2026-3215 MEDIUM
Islandora - Moderately critical - Arbitrary file upload, Cross-site scripting - SA-CONTRIB-2026-016
CVSS 5.4
CVE-2026-3213 MEDIUM
Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014
CVSS 4.7
CVE-2026-3212 MEDIUM
Tagify - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-013
CVSS 5.4
CVE-2026-2349 MEDIUM
UI Icons - Critical - Cross-site Scripting - SA-CONTRIB-2026-010
CVSS 6.1
CVE-2026-2348 MEDIUM
Quick Edit - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-009
CVSS 5.4
CVE-2026-24750 HIGH
Kiteworks Secure Data Forms vulnerable to Cross-site Scripting
CVSS 7.6
CVE-2026-20112 MEDIUM
Cisco IOS XE Software 16.6.1-16.6.10 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2026-20108 MEDIUM
Cisco Catalyst SD-WAN Manager 20.12.1-20.12.5.1 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2026-4816 MEDIUM
Support Board 3.7.7 - Reflected Cross-Site Scripting
CVSS 5.4
CVE-2026-2072 HIGH
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
CVSS 8.2
CVE-2026-4766 MEDIUM
Easy Image Gallery <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Shortcode Post Meta
CVSS 6.4
CVE-2026-28871 MEDIUM
Safari < 26.4 - Cross-Site Scripting via Maliciously Crafted Website
CVSS 4.3
CVE-2026-28861 MEDIUM
Safari < 26.4 - Cross-Site Scripting via Script Message Handler Origin Confusion
CVSS 4.3
CVE-2026-33347 MEDIUM
league/commonmark 2.3.0-2.8.1 Embed Extension - Domain Allowlist Bypass
CVSS 6.1
CVE-2026-33331 HIGH
oRPC: Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify
CVSS 8.2
CVE-2026-33400 MEDIUM
Wallos: Stored cross-site scripting (XSS) vulnerability in the payment method rename endpoint
CVSS 5.4
CVE-2026-33334 CRITICAL
Vikunja Desktop: Any frontend XSS escalates to Remote Code Execution due to nodeIntegration
CVSS 9.6
CVE-2026-29840 MEDIUM
jizhicms < 2.5.6 - Authenticated Stored Cross-Site Scripting via Release Function
CVSS 5.4