CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,930 vulnerabilities with CWE-79
CVE-2026-29192 HIGH
ZITADEL 4.0.0-4.11.1 - Open Redirect
CVSS 7.7
CVE-2026-29191 CRITICAL
ZITADEL 4.0.0-4.11.1 - Cross-Site Scripting via SAML-POST Endpoint
CVSS 9.3
CVE-2026-2433 MEDIUM
RSS Aggregator WordPress Plugin <=5.0.11 - XSS
CVSS 6.1
CVE-2026-2420 MEDIUM
LotekMedia Popup Form <=1.0.6 - XSS
CVSS 4.4
CVE-2026-1825 MEDIUM
Show YouTube video plugin 1.1 - XSS
CVSS 6.4
CVE-2026-1824 MEDIUM
Infomaniak Connect for OpenID <1.0.2 - XSS
CVSS 6.4
CVE-2026-1823 MEDIUM
Consensus Embed WordPress Plugin <=1.6 - XSS
CVSS 6.4
CVE-2026-1820 MEDIUM
Media Library Alt Text Editor <1.0.0 - XSS
CVSS 6.4
CVE-2026-1805 MEDIUM
DA Media GigList <1.9.0 - Stored XSS
CVSS 6.4
CVE-2026-1574 MEDIUM
MyQtip WordPress Plugin <2.0.5 - XSS
CVSS 6.4
CVE-2026-1569 MEDIUM
Wueen Plugin for WordPress <=0.2.0 - XSS
CVSS 6.4
CVE-2026-1074 HIGH
WP App Bar Plugin <1.5 - Stored XSS
CVSS 7.2
CVE-2026-1071 MEDIUM
Carta Online WordPress Plugin <=2.13.0 - XSS
CVSS 4.4
CVE-2026-30841 MEDIUM
wallos < 4.6.2 - Reflected Cross-Site Scripting via Password Reset Token and Email Parameters
CVSS 6.1
CVE-2026-30830 MEDIUM
defuddle < 0.9.0 - Cross-Site Scripting via Image Alt Attribute
CVSS 6.1
CVE-2026-2722 MEDIUM
WordPress Stock Ticker <=3.26.1 - XSS
CVSS 4.8
CVE-2026-2721 MEDIUM
MailArchiver <= 4.4.0 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.8
CVE-2026-2431 MEDIUM
CM Custom Reports < 1.2.7 - Unauthenticated Reflected Cross-Site Scripting via Date Parameters
CVSS 6.1
CVE-2026-1902 MEDIUM
Hammas Calendar Plugin <1.5.11 - XSS
CVSS 6.4
CVE-2026-25073 MEDIUM
XikeStor SKS8310-8X <1.04.B07 - Stored XSS
CVSS 5.4
CVE-2026-30238 MEDIUM
Group-Office < 6.8.155 - Reflected Cross-Site Scripting via External Index f Parameter
CVSS 6.1
CVE-2026-30237 MEDIUM
Group-Office < 6.8.155 - Reflected Cross-Site Scripting via Install License Endpoint
CVSS 6.1
CVE-2026-27142 MEDIUM
Go html/template - Meta Refresh URL Cross-Site Scripting
CVSS 6.1
CVE-2026-29082 HIGH
kestra/kestra < 1.1.10 - Stored Cross-Site Scripting via Markdown Preview Rendering
CVSS 7.3
CVE-2026-29183 CRITICAL
SiYuan < 3.5.9 - Unauthenticated Reflected Cross-Site Scripting via Dynamic Icon API
CVSS 9.3