CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,959 vulnerabilities with CWE-79
CVE-2026-26724 HIGH
Key Systems Inc Global Facilities Management Software 20230721a - Cross-Site Scripting via selectgroup and gn Parameters
CVSS 7.6
CVE-2026-26723 HIGH
Key Systems Inc Global Facilities Management Software 20230721a - Cross-Site Scripting via Function Parameter
CVSS 8.2
CVE-2026-27072 HIGH
PixelYourSite <=11.2.0.1 - Stored XSS
CVSS 7.1
CVE-2026-24955 HIGH
Whizz Plugins <= 1.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2026-24949 HIGH
ThemeGoods PhotoMe <= 5.7.1 - DOM-Based Cross-Site Scripting
CVSS 7.1
CVE-2026-24948 HIGH
Reflector <= 1.2.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2026-24943 HIGH
ThemeGoods Grand Conference <=5.3.4 - XSS
CVSS 7.1
CVE-2026-22357 HIGH
Link Whisper Free <= 0.9.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2026-22352 HIGH
PersianScript Persian Woocommerce SMS <=7.1.1 - XSS
CVSS 7.1
CVE-2026-2486 MEDIUM
Master Addons For Elementor <=2.1.1 - XSS
CVSS 6.4
CVE-2026-26370 MEDIUM
WordPress Survey Maker <5.1.7.7 - XSS
CVSS 6.1
CVE-2026-2825 LOW
rachelos WeRSS we-mp-rss <=1.4.8 - XSS
CVSS 3.5
CVE-2026-2384 MEDIUM
Quiz Maker <= 6.7.1.7 - Authenticated Stored Cross-Site Scripting via vc_quizmaker Shortcode
CVSS 6.4
CVE-2026-26993 MEDIUM
Flare < 1.7.1 - Stored Cross-Site Scripting via SVG/HTML/XML File Upload
CVSS 4.6
CVE-2026-26992 MEDIUM
LibreNMS < 26.2.0 - Authenticated Stored Cross-Site Scripting via Port Group Name
CVSS 4.8
CVE-2026-26991 MEDIUM
LibreNMS < 26.2.0 - Authenticated Stored Cross-Site Scripting via Device Group Name
CVSS 4.8
CVE-2026-27016 MEDIUM
LibreNMS 24.10.0-26.1.1 - Stored XSS
CVSS 5.4
CVE-2026-26989 MEDIUM
LibreNMS < 26.2.0 - Authenticated Stored Cross-Site Scripting in Alert Rules Workflow
CVSS 4.3
CVE-2026-26987 MEDIUM
LibreNMS < 26.2.0 - Reflected Cross-Site Scripting via Email Field
CVSS 6.1
CVE-2026-27009 MEDIUM
OpenClaw < 2026.2.15 - Stored Cross-Site Scripting via Assistant Identity Rendering
CVSS 5.8
CVE-2026-26953 MEDIUM
Pi-hole Web Interface 6.0-6.4.1 - Authenticated Stored HTML Injection via X-Forwarded-For Header
CVSS 5.4
CVE-2026-26952 MEDIUM
Pi-hole web_interface < 6.4.1 - Authenticated Stored HTML Injection via DNS Records Configuration
CVSS 5.4
CVE-2026-27440 MEDIUM
myCred <= 2.9.7.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2026-27360 MEDIUM
Photo Gallery by 10Web <= 1.8.38 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2026-27013 HIGH
fabric.js < 7.2.0 - Stored Cross-Site Scripting via SVG Export
CVSS 7.6