CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,928 vulnerabilities with CWE-79
CVE-2026-26144 HIGH
Microsoft 365 Apps for Enterprise - Cross-Site Scripting in Excel
CVSS 7.5
CVE-2026-26105 HIGH
Microsoft SharePoint Server - Cross-Site Scripting
CVSS 8.1
CVE-2026-25972 MEDIUM
Fortinet FortiSIEM 7.4.0, 7.3.0-7.3.4 - XSS
CVSS 4.3
CVE-2026-1261 HIGH
MetForm Pro <= 3.9.6 - Unauthenticated Stored Cross-Site Scripting via Quiz Feature
CVSS 7.2
CVE-2026-30919 HIGH
facileManager < 6.0.4 - Stored Cross-Site Scripting in fmDNS Module
CVSS 7.6
CVE-2026-30918 HIGH
facileManager <6.0.4 - Reflected XSS
CVSS 7.6
CVE-2026-30917 HIGH
MediaWiki Bucket <2.1.1 - Stored XSS
CVE-2026-30913 MEDIUM
Flarum flarum/nicknames - Open Redirect
CVSS 4.6
CVE-2026-30862 CRITICAL
Appsmith < 1.96 - Stored Cross-Site Scripting in Table Widget via Invite Users Feature
CVSS 9.0
CVE-2026-0489 MEDIUM
SAP Business One Job Service - DOM XSS
CVSS 6.1
CVE-2026-25737 HIGH
Budibase <=3.24.0 - Arbitrary File Upload
CVSS 8.9
CVE-2026-3819 LOW
SourceCodester Resort Reservation System 1.0 - XSS
CVSS 3.5
CVE-2026-3812 MEDIUM
itsourcecode Payroll Management System 1.0 - XSS
CVSS 4.3
CVE-2026-3766 LOW
SourceCodester Pharmacy System 1.0 - XSS
CVSS 3.5
CVE-2026-3763 MEDIUM
Simple Flight Ticket Booking System 1.0 - XSS
CVSS 4.3
CVE-2026-3743 LOW
YiFang CMS 2.0.5 - Cross-Site Scripting via Name Argument in Single Page Group Update
CVSS 3.5
CVE-2026-3742 LOW
YiFang CMS 2.0.5 - Cross-Site Scripting via Title Argument in update Function
CVSS 3.5
CVE-2026-3741 LOW
YiFang CMS 2.0.5 - Cross-Site Scripting via update Function in admin/D_friendLink.php
CVSS 3.5
CVE-2026-3721 LOW
SmartAdmin < 3.29 - Stored Cross-Site Scripting in Help Documentation Module
CVSS 3.5
CVE-2026-3720 LOW
1024-lab/lab1024 SmartAdmin <3.29 - XSS
CVSS 3.5
CVE-2026-3716 LOW
Wavlink WL-WN579X3-C 231124 - Cross-Site Scripting via Hostname Parameter in adm.cgi
CVSS 2.4
CVE-2026-3702 MEDIUM
SourceCodester Loan Management System 1.0 - XSS
CVSS 4.3
CVE-2026-30838 MEDIUM
league/commonmark < 2.8.1 - Cross-Site Scripting via DisallowedRawHtml Extension Bypass
CVSS 6.1
CVE-2026-29192 HIGH
ZITADEL 4.0.0-4.11.1 - Open Redirect
CVSS 7.7
CVE-2026-29191 CRITICAL
ZITADEL 4.0.0-4.11.1 - Cross-Site Scripting via SAML-POST Endpoint
CVSS 9.3