CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,894 vulnerabilities with CWE-79
CVE-2026-33140 MEDIUM
PySpector: Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution
CVSS 6.1
CVE-2026-4495 LOW
atjiu pybbs CommentApiController.java create cross site scripting
CVSS 3.5
CVE-2026-4494 LOW
atjiu pybbs TopicApiController.java create cross site scripting
CVSS 3.5
CVE-2026-32844 MEDIUM
XinLiangCoder / php_api_doc Reflected XSS via list_method.php
CVSS 6.1
CVE-2026-30579 MEDIUM
File Thingie 2.5.7 - Stored Cross-Site Scripting via Uploaded Filename
CVSS 6.5
CVE-2026-30578 MEDIUM
File Thingie 2.5.7 - Cross-Site Scripting via Dir Parameter
CVSS 6.5
CVE-2026-29828 MEDIUM
dootask < 1.6.27 - Stored Cross-Site Scripting via Project Description Input
CVSS 6.1
CVE-2026-22895 MEDIUM
QuFTP Service < 1.4.3 - Admin Cross-Site Scripting
CVSS 4.8
CVE-2026-32986 MEDIUM
Textpattern CMS 4.9.0: Second-Order XSS via Atom Feed Injection
CVSS 6.1
CVE-2026-33370 MEDIUM
Zimbra Collaboration 10.0-10.1 - Stored XSS
CVSS 6.1
CVE-2026-33368 MEDIUM
Zimbra Collaboration Suite 10.0-10.1 - XSS
CVSS 6.1
CVE-2026-31382 MEDIUM
Gainsight Assist reflected XSS/HTML injection
CVSS 6.1
CVE-2026-33136 CRITICAL
WeGIA has Reflected Cross-Site Scripting (XSS) in `listar_memorandos_ativos.php` via `sccd` parameter
CVSS 9.3
CVE-2026-33135 CRITICAL
WeGIA has Reflected Cross-Site Scripting (XSS) in `novo_memorandoo.php` via `sccs` parameter
CVSS 9.3
CVE-2026-33080 HIGH
Filament Tables 4.x and 5.x - Stored Cross-Site Scripting
CVSS 7.3
CVE-2026-33067 CRITICAL
SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata
CVSS 9.0
CVE-2026-33066 CRITICAL
SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering
CVSS 9.0
CVE-2026-2432 MEDIUM
CM Custom Reports <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Labels
CVSS 4.4
CVE-2026-33061 MEDIUM
exactyl has Stored DOM Cross-Site Scripting (XSS) via unescaped JSON in Blade template
CVSS 5.8
CVE-2026-4474 LOW
itsourcecode University Management System admin_single_student_update.php cross site scripting
CVSS 2.4
CVE-2026-33051 MEDIUM
Craft CMS Vulnerable to Stored XSS in Revision Context Menu
CVSS 5.4
CVE-2026-33035 MEDIUM
Unauthenticated Reflected XSS via innerHTML in AVideo
CVSS 6.1
CVE-2026-32940 CRITICAL
SiYuan <3.6.1 getDynamicIcon - Cross-Site Scripting
CVSS 9.3
CVE-2026-32890 CRITICAL
Anchorr: Stored XSS in User Mapping dropdown allows unprivileged Discord users to exfiltrate all secrets via /api/config
CVSS 9.6
CVE-2026-32880 MEDIUM
ChurchCRM is vulnerable to Stored XSS through JSON handling in SystemSettings.php
CVSS 6.4