CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,734 vulnerabilities with CWE-79
CVE-2026-8882 MEDIUM
WP ApplicantStack Jobs Display <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8880 MEDIUM
RomanCart Ecommerce <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8841 MEDIUM
Extra Settings for RocketChat <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-7662 MEDIUM
ePaperFlip Publisher <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'publicationid' Shortcode Attribute
CVSS 6.4
CVE-2026-41846 MEDIUM
Spring Framework Cross-site Scripting via JSP Form Tags
CVSS 5.9
CVE-2026-41845 HIGH
Spring Framework Cross-site Scripting via JavaScriptUtils
CVSS 7.1
CVE-2026-11603 MEDIUM
Product Filter Widget for Elementor <= 1.0.6 - Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter
CVSS 6.1
CVE-2026-10738 MEDIUM
jQuery Hover Footnotes <= 1.4 - Authenticated (Author+) Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Syntax)
CVSS 6.4
CVE-2026-10024 MEDIUM
TinyMCE shortcode Addon <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute
CVSS 6.4
CVE-2026-7556 HIGH
FV Flowplayer Video Player <= 7.5.49.7212 - Unauthenticated Stored Cross-Site Scripting via Comment Text
CVSS 7.2
CVE-2026-5714 MEDIUM
Enable Media Replace <= 4.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'location_dir' Parameter
CVSS 6.4
CVE-2026-10862 MEDIUM
Accordions <= 2.3.23 - Authenticated (Custom+) Stored Cross-Site Scripting via Accordion Body Field
CVSS 6.4
CVE-2026-44757 MEDIUM
SAP Wily Introscope Enterprise Manager - Cross-Site Scripting
CVSS 4.7
CVE-2026-44746 MEDIUM
SAP NetWeaver AS Java JDBC Test Servlet - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2026-44541 HIGH
Fides fides.js - DOM-Based Cross-Site Scripting via fides_description
CVE-2026-47345 MEDIUM
TYPO3 HTML Sanitizer allows Cross-Site Scripting
CVE-2026-47344 LOW
TYPO3 HTML Sanitizer allows Cross-Site Scripting
CVE-2026-11534 LOW
imvks786 student_management_system add.php cross site scripting
CVSS 3.5
CVE-2026-29170 MEDIUM
Apache HTTP Server: mod_proxy_ftp XSS
CVSS 6.1
CVE-2026-25558 MEDIUM
QloApps 1.7.0 Stored XSS via SVG File Upload in Admin File Manager
CVSS 4.8
CVE-2026-11520 LOW
SourceCodester Inventory System header.php cross site scripting
CVSS 3.5
CVE-2026-11518 MEDIUM
SourceCodester Inventory System User Management users.php cross site scripting
CVSS 4.3
CVE-2026-9549 MEDIUM
Checkmk - Fix XSS in Service Discovery Active Check Output
CVSS 4.8
CVE-2026-8833 MEDIUM
Checkmk - XSS in Urls
CVSS 5.4
CVE-2026-8078 MEDIUM
Checkmk - Fix Stored XSS in Global Settings Change Log
CVSS 4.8