CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,957 vulnerabilities with CWE-79
CVE-2026-27948 MEDIUM
Copyparty < 1.20.9 - Reflected Cross-Site Scripting via URL Parameter
CVSS 5.4
CVE-2026-27902 MEDIUM
Svelte 5.53.0-5.53.5 - Cross-Site Scripting via transformError HTML Injection
CVSS 5.4
CVE-2026-27901 MEDIUM
Svelte < 5.53.5 - Cross-Site Scripting via contenteditable Element Binding
CVSS 6.1
CVE-2026-27578 MEDIUM
n8n <2.10.1/2.9.3/1.123.22 - XSS
CVSS 5.4
CVE-2026-27616 HIGH
Vikunja < 2.0.0 - Stored Cross-Site Scripting via SVG Task Attachment
CVSS 7.3
CVE-2026-27148 CRITICAL
Storybook <7.6.23/8.6.17/9.1.19/10.2.10 - WebSocket Hijacking
CVSS 9.6
CVE-2026-27116 MEDIUM
vikunja/vikunja < 2.0.0 - Reflected HTML Injection via Projects Filter Parameter
CVSS 6.1
CVE-2026-0752 HIGH
GitLab CE/EE 16.2-18.7.4/18.8-18.8.4/18.9 - XSS
CVSS 8.0
CVE-2026-25736 MEDIUM
Rucio <35.8.3/<38.5.4/<39.3.1 - XSS
CVSS 6.1
CVE-2026-25735 MEDIUM
Rucio <35.8.3/<38.5.4/<39.3.1 - XSS
CVSS 6.1
CVE-2026-25734 MEDIUM
Rucio WebUI < 35.8.3 - Stored Cross-Site Scripting in RSE Metadata
CVSS 6.1
CVE-2026-25733 HIGH
Rucio <35.8.3, <38.5.4, <39.3.1 - XSS
CVSS 7.3
CVE-2026-25136 HIGH
Rucio < 35.8.3 - Reflected Cross-Site Scripting via WebUI ExceptionMessage
CVSS 8.1
CVE-2026-22720 HIGH
VMware Aria Operations - Stored XSS
CVSS 8.0
CVE-2026-25743 MEDIUM
OpenEMR < 8.0.0 - Authenticated Stored Cross-Site Scripting via Form Answers
CVSS 4.8
CVE-2026-20091 MEDIUM
Cisco FXOS/UCS Manager - Stored XSS
CVSS 4.8
CVE-2026-2367 MEDIUM
WordPress Secure Copy Content Protection 5.0.1 - XSS
CVSS 6.4
CVE-2026-3171 LOW
Patients Waiting Area Queue 1.0 - XSS
CVSS 3.5
CVE-2026-3170 LOW
Patients Waiting Area Queue Management System 1.0 - XSS
CVSS 2.4
CVE-2026-1614 MEDIUM
Rise Blocks WordPress Plugin <=3.7 - XSS
CVSS 6.4
CVE-2026-27645 MEDIUM
changedetection.io < 0.54.1 - Reflected Cross-Site Scripting via RSS Single-Watch UUID Parameter
CVSS 6.1
CVE-2026-27746 MEDIUM
SPIP jeux < 4.1.1 - Reflected Cross-Site Scripting via pre_propre Pipeline
CVSS 6.1
CVE-2026-27639 MEDIUM
Mercator < 2026.02.22 - Authenticated Stored Cross-Site Scripting via Unescaped Blade Directives
CVSS 5.4
CVE-2026-27627 HIGH
Karakeep 0.30.0 - Stored Cross-Site Scripting via Reddit Metascraper Plugin
CVSS 8.2
CVE-2026-27822 CRITICAL
RustFS <1.0.0-alpha.83 - Stored XSS
CVSS 9.0