CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,928 vulnerabilities with CWE-79
CVE-2026-27230 MEDIUM
Adobe Experience Manager <6.5.23 - Stored XSS
CVSS 5.4
CVE-2026-27229 MEDIUM
Adobe Experience Manager <6.5.23 - XSS
CVSS 5.4
CVE-2026-27228 MEDIUM
Adobe Experience Manager <6.5.23 - XSS
CVSS 5.4
CVE-2026-27226 MEDIUM
Adobe Experience Manager <6.5.23 - XSS
CVSS 5.4
CVE-2026-27225 MEDIUM
Adobe Experience Manager <6.5.23 - XSS
CVSS 5.4
CVE-2026-27224 MEDIUM
Adobe Experience Manager <6.5.23 - XSS
CVSS 5.4
CVE-2026-27223 MEDIUM
Adobe Experience Manager <6.5.23 - XSS
CVSS 5.4
CVE-2026-2569 MEDIUM
Flipbook PDF 3D Viewer <=2.4.20 - Authenticated Stored XSS via PDF Labels
CVSS 6.4
CVE-2026-31833 MEDIUM
Umbraco.Cms 16.2.0-16.5.1 and 17.0.0-17.2.1 - Authenticated Stored Cross-Site Scripting via Property Type Description
CVSS 6.7
CVE-2026-31823 MEDIUM
Sylius 2.0.0-2.0.15 - Authenticated Stored Cross-Site Scripting via Entity Name Rendering
CVSS 4.8
CVE-2026-31822 MEDIUM
Sylius <2.0.16, 2.1.12, 2.2.3 - XSS
CVSS 6.1
CVE-2026-31809 MEDIUM
SiYuan < 3.5.10 - Unauthenticated Reflected Cross-Site Scripting via SVG Sanitizer Bypass
CVSS 6.1
CVE-2026-31807 MEDIUM
SiYuan < 3.5.10 - Unauthenticated Reflected Cross-Site Scripting via SVG Animation Bypass
CVSS 6.1
CVE-2026-30948 MEDIUM
Parse Server <9.5.2-alpha.4/8.6.17 - XSS
CVSS 5.4
CVE-2026-2266 MEDIUM
GitHub Enterprise Server < 3.18.6 - Authenticated DOM-Based Cross-Site Scripting via Task List Content
CVSS 5.4
CVE-2026-29177 MEDIUM
Craft Commerce 4.0.0-4.10.1 - Stored Cross-Site Scripting via Shipping Method Name, Order Reference, or Site Name
CVSS 5.4
CVE-2026-29176 MEDIUM
Craft Commerce 5.0.0-5.5.2 - Stored Cross-Site Scripting in Inventory Locations Name Field
CVSS 4.8
CVE-2026-29175 MEDIUM
Craft Commerce 5.0.0-5.5.2 - Stored Cross-Site Scripting in Inventory Page Fields
CVSS 5.4
CVE-2026-29173 MEDIUM
Craft Commerce 4.0.0-4.10.1 - Stored Cross-Site Scripting in Order Status Update
CVSS 4.8
CVE-2026-3862 MEDIUM
Broadcom SiteMinder - Cross-Site Scripting
CVSS 4.8
CVE-2026-3228 MEDIUM
NextScripts Social Networks Auto-Poster <4.4.6 - XSS
CVSS 6.4
CVE-2026-30977 LOW
RenderBlocking < 0.1.1 - Stored Cross-Site Scripting in Inline Assets Mode
CVE-2026-30974 MEDIUM
copyparty < 1.20.11 - Stored Cross-Site Scripting via SVG Upload
CVSS 4.6
CVE-2026-30934 HIGH
FileBrowser Quantum <1.3.1-beta/1.2.2-stable - XSS
CVSS 8.9
CVE-2026-2724 HIGH
Unlimited Elements for Elementor <2.0.5 - XSS
CVSS 7.2
Details
Vulnerabilities 44,928
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits