CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,924 vulnerabilities with CWE-79
CVE-2026-33035 MEDIUM
Unauthenticated Reflected XSS via innerHTML in AVideo
CVSS 6.1
CVE-2026-32940 CRITICAL
SiYuan <3.6.1 getDynamicIcon - Cross-Site Scripting
CVSS 9.3
CVE-2026-32890 CRITICAL
Anchorr: Stored XSS in User Mapping dropdown allows unprivileged Discord users to exfiltrate all secrets via /api/config
CVSS 9.6
CVE-2026-32880 MEDIUM
ChurchCRM is vulnerable to Stored XSS through JSON handling in SystemSettings.php
CVSS 6.4
CVE-2026-32757 MEDIUM
Admidio: HTMLPurifier Bypass in eCard Message Allows HTML Email Injection
CVSS 5.4
CVE-2026-33395 MEDIUM
Discourse has stored click‑based XSS via Graphviz SVG javascript: links
CVSS 4.4
CVE-2026-32721 HIGH
LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal
CVSS 8.6
CVE-2026-29106 MEDIUM
SuiteCRM has blind XSS in return_id parameter
CVSS 5.9
CVE-2026-29100 HIGH
SuiteCRM has Reflected HTML Injection in Login Page via default_user_name Parameter
CVSS 7.1
CVE-2026-32754 CRITICAL
FreeScout: Stored XSS via Unescaped Email Template Rendering ({!! $thread->body !!})
CVSS 9.3
CVE-2026-32751 CRITICAL
SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface
CVSS 9.0
CVE-2026-32040 MEDIUM
OpenClaw < 2026.2.23 - HTML Injection via Unvalidated Image MIME Type in Data-URL Interpolation
CVSS 4.6
CVE-2026-33346 HIGH
OpenEMR has stored XSS in portal_payment.php via Unescaped table_args
CVSS 8.7
CVE-2026-33303 MEDIUM
OpenEMR Vulnerable to Stored XSS via Unescaped portal_login_username in Credential Print View
CVSS 5.4
CVE-2026-33299 MEDIUM
OpenEMR has Stored XSS in patient encounter Eye Exam form answers
CVSS 5.4
CVE-2026-27740 MEDIUM
Discourse has Stored XSS in AI Triage Automation
CVSS 6.1
CVE-2026-27570 MEDIUM
Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox
CVSS 6.1
CVE-2026-32119 MEDIUM
OpenEMR has Stored DOM XSS via SearchHighlight text-node reconstruction on Custom Report page
CVSS 4.4
CVE-2026-32869 MEDIUM
OPEXUS eComplaint and eCASE XSS via Name of Organization field
CVSS 5.5
CVE-2026-32868 MEDIUM
OPEXUS eComplaint and eCASE XSS via my information
CVSS 5.5
CVE-2026-32866 MEDIUM
OPEXUS eComplaint and eCase stored XSS via profile first and last name
CVSS 5.5
CVE-2026-32843 MEDIUM
Linkit ONE Location Aware Sensor System (LASS) Reflected XSS via PM25.php
CVE-2026-27070 HIGH
WordPress Everest Forms Pro plugin <= 1.9.10 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-27068 HIGH
WordPress Website LLMs.txt plugin <= 8.2.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25442 HIGH
WordPress Kentha theme <= 4.7.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
Details
Vulnerabilities 44,924
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits