CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,928 vulnerabilities with CWE-79
CVE-2026-32139 MEDIUM
DataEase < 2.10.20 - Stored Cross-Site Scripting via SVG Upload
CVSS 5.4
CVE-2026-31873 NONE
unjs/unhead < 2.1.11 - Cross-Site Scripting via Case-Insensitive URI Scheme Bypass
CVE-2026-31860 MEDIUM
unjs/unhead < 2.1.11 - Cross-Site Scripting via useHeadSafe() Attribute Injection
CVSS 6.1
CVE-2026-25529 HIGH
Postal < 3.3.5 - Stored Cross-Site Scripting via Admin Interface HTML Injection
CVSS 8.1
CVE-2026-2987 MEDIUM
Simple Ajax Chat < 20260217 - Unauthenticated Stored Cross-Site Scripting via 'c' Parameter
CVSS 6.1
CVE-2026-2514 HIGH
Progress Flowmon ADS < 12.5.5 and < 13.0.3 - Stored Cross-Site Scripting via Malicious Network Data
CVE-2026-2513 HIGH
Progress Flowmon ADS <12.5.5/13.0.3 - CSRF
CVE-2026-3993 MEDIUM
itsourcecode Payroll Management System 1.0 - XSS
CVSS 4.3
CVE-2026-3990 MEDIUM
CesiumJS <= 1.137.0 - Cross-Site Scripting in Sandcastle Standalone HTML
CVSS 4.3
CVE-2026-3984 LOW
Campcodes Division Regional Athletic Meet Game Result Matrix System...
CVSS 3.5
CVE-2026-3983 LOW
Campcodes Division Regional Athletic Meet Game Result Matrix System...
CVSS 3.5
CVE-2026-2687 MEDIUM
Reading progressbar WordPress <1.3.1 - XSS
CVSS 4.3
CVE-2026-3982 MEDIUM
itsourcecode University Management System 1.0 - XSS
CVSS 4.3
CVE-2026-3962 MEDIUM
Jcharis Machine-Learning-Web-Apps - XSS
CVSS 4.3
CVE-2026-32117 HIGH
grafanacubism-panel < 0.1.2 - Authenticated Stored Cross-Site Scripting via Zoom Link Handler
CVSS 7.6
CVE-2026-32125 MEDIUM
OpenEMR < 8.0.0.1 - Stored Cross-Site Scripting in Track Anything Dygraph Chart Renderer
CVSS 5.4
CVE-2026-32124 MEDIUM
OpenEMR < 8.0.0.1 - Stored Cross-Site Scripting via Code Description in Dynamic Code Picker
CVSS 5.4
CVE-2026-32121 HIGH
OpenEMR < 8.0.0.1 - Stored Cross-Site Scripting via Patient Demographics in Prescription Print View
CVSS 7.7
CVE-2026-32118 MEDIUM
OpenEMR < 8.0.0.1 - Authenticated Stored Cross-Site Scripting in Graphical Pain Map Form
CVSS 5.4
CVE-2026-32112 MEDIUM
ha-mcp < 7.0.0 - Stored Cross-Site Scripting via OAuth Consent Form
CVSS 6.8
CVE-2026-32109 LOW
Copyparty < 1.20.12 - Stored Cross-Site Scripting via .prologue.html File Upload
CVSS 3.7
CVE-2026-3951 MEDIUM
LockerProject Locker 0.0.0-0.1.0 - XSS
CVSS 4.3
CVE-2026-32095 MEDIUM
Plunk < 0.7.1 - Stored Cross-Site Scripting via SVG Image Upload
CVSS 5.4
CVE-2026-31879 MEDIUM
Frappe <14.100.2/15.101.0/16.10.0 - XSS
CVSS 5.4
CVE-2026-31876 MEDIUM
Notesnook Desktop < 3.3.9 - Stored Cross-Site Scripting via Twitter/X Embed URL
CVSS 5.4