CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,924 vulnerabilities with CWE-79
CVE-2026-4354 (LOW, CVSS 3.5): TRENDnet TEW-824DRU Web apply_sec.cgi sub_420A78 cross site scripting
CVE-2026-32840 (MEDIUM, CVSS 5.4): Edimax GS-5008PL <= 1.00.54 Stored XSS via Device Name
CVE-2026-30882 (MEDIUM, CVSS 6.1): Chamilo LMS: Reflected XSS in the session category listing page
CVE-2026-29520 (MEDIUM, CVSS 6.1): Hereta ETH-IMC408M Reflected XSS via ping_ipaddr Parameter
CVE-2026-29513 (MEDIUM, CVSS 5.4): Hereta ETH-IMC408M Stored XSS via Device Location
CVE-2026-29510 (MEDIUM, CVSS 5.4): Hereta ETH-IMC408M Stored XSS via Device Name
CVE-2026-25369 (HIGH, CVSS 7.1): WordPress Flexmls® IDX plugin <= 3.15.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2026-4225 (LOW, CVSS 2.4): CMS Made Simple User Management listusers.php cross site scripting
CVE-2026-4186 (LOW, CVSS 3.5): UEditor <= 1.4.3.2 - Cross-Site Scripting via JSONP Callback Parameter
CVE-2026-4175 (LOW, CVSS 3.5): Aureus ERP <= 1.3.0-BETA2 - Cross-Site Scripting in Chatter Message Handler
CVE-2026-4169 (LOW, CVSS 2.4): Tecnick TCExam XML Export tce_xml_users.php F_xml_export_users cross site scripting
CVE-2026-4168 (LOW, CVSS 2.4): Tecnick TCExam Group tce_edit_group.php cross site scripting
CVE-2026-4166 (LOW, CVSS 3.5): Wavlink WL-NU516U1 240425 - Cross-Site Scripting via Homepage/Hostname Parameter
CVE-2026-4165 (LOW, CVSS 2.4): Worksuite HR, CRM and Project Management <=5.5.25 - XSS
CVE-2026-3024 (MEDIUM, CVSS 5.4): Wakyma Web Application - Stored Cross-Site Scripting
CVE-2026-32774 (MEDIUM, CVSS 6.4): Vulnogram - Stored Cross-Site Scripting via Comment Hypertext
CVE-2026-32635 (CRITICAL, CVSS 9.0): Angular has XSS in i18n attribute bindings
CVE-2026-32626 (CRITICAL, CVSS 9.6): AnythingLLM Desktop <=1.11.1 - XSS to RCE
CVE-2026-3986 (MEDIUM, CVSS 6.4): Calculated Fields Form Plugin for WordPress <=5.4.5.0 - Stored XSS
CVE-2026-32612 (MEDIUM, CVSS 5.4): Statamic CMS 6.0.0-6.6.1 - Authenticated Stored Cross-Site Scripting in Control Panel Color Mode Preference
CVE-2026-32462 (MEDIUM, CVSS 5.9): Master Addons for Elementor <=2.1.3 - DOM-Based XSS
CVE-2026-32460 (MEDIUM, CVSS 6.5): Ultimate Addons for Contact Form 7 <=3.5.36 - XSS
CVE-2026-32455 (MEDIUM, CVSS 6.5): RealMag777 MDTF <= 1.3.5 - DOM-Based Cross-Site Scripting
CVE-2026-32454 (MEDIUM, CVSS 6.5): ThemeFusion Avada Core <5.15.0 - DOM-Based XSS
CVE-2026-32450 (MEDIUM, CVSS 6.5): Active Products Tables for WooCommerce <=1.0.7 - DOM-Based XSS