CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,959 vulnerabilities with CWE-79
CVE-2026-26193 HIGH
Open WebUI < 0.6.44 - Stored Cross-Site Scripting via Chat History Embeds Property
CVSS 7.3
CVE-2026-26192 HIGH
Open WebUI < 0.7.0 - Stored Cross-Site Scripting via Document Metadata HTML Property
CVSS 7.3
CVE-2026-27474 MEDIUM
SPIP 4.4.0-4.4.8 - Cross-Site Scripting in Private Area via Unsanitized HTML Tags
CVSS 6.1
CVE-2026-27473 MEDIUM
SPIP 4.4.0-4.4.8 - Stored Cross-Site Scripting via Syndicated Site URL
CVSS 6.4
CVE-2026-26059 MEDIUM
ChurchCRM < 6.8.2 - Authenticated Stored Cross-Site Scripting in Group View
CVSS 5.4
CVE-2026-23619 MEDIUM
GFI MailEssentials AI <22.4 - Stored XSS
CVSS 5.4
CVE-2026-23618 MEDIUM
GFI MailEssentials AI <22.4 - Stored XSS
CVSS 5.4
CVE-2026-23617 MEDIUM
GFI MailEssentials AI <22.4 - Stored XSS
CVSS 5.4
CVE-2026-23616 MEDIUM
GFI MailEssentials AI <22.4 - Stored XSS
CVSS 5.4
CVE-2026-23615 MEDIUM
GFI MailEssentials AI <22.4 - Stored XSS
CVSS 5.4
CVE-2026-23614 MEDIUM
GFI MailEssentials AI < 22.4 - Authenticated Stored Cross-Site Scripting via SPF IP Exceptions Description
CVSS 5.4
CVE-2026-23613 MEDIUM
GFI MailEssentials AI <22.4 - Stored XSS
CVSS 5.4
CVE-2026-23612 MEDIUM
GFI MailEssentials AI < 22.4 - Authenticated Stored Cross-Site Scripting via IP DNS Blocklist Configuration
CVSS 5.4
CVE-2026-23611 MEDIUM
GFI MailEssentials AI <22.4 - Stored XSS
CVSS 5.4
CVE-2026-23610 MEDIUM
GFI MailEssentials AI <22.4 - Stored XSS
CVSS 5.4
CVE-2026-23609 MEDIUM
GFI MailEssentials AI < 22.4 - Authenticated Stored XSS via Perimeter SMTP Servers
CVSS 5.4
CVE-2026-23608 MEDIUM
GFI MailEssentials AI < 22.4 - Authenticated Stored Cross-Site Scripting via Mail Monitoring Rule Name Field
CVSS 5.4
CVE-2026-23607 MEDIUM
GFI MailEssentials AI <22.4 - Stored XSS
CVSS 5.4
CVE-2026-23606 MEDIUM
GFI MailEssentials AI <22.4 - Stored XSS
CVSS 5.4
CVE-2026-23605 MEDIUM
GFI MailEssentials AI < 22.4 - Authenticated Stored Cross-Site Scripting via Attachment Filtering Rule Name Parameter
CVSS 5.4
CVE-2026-23604 MEDIUM
GFI MailEssentials AI <22.4 - Stored XSS
CVSS 5.4
CVE-2026-26345 MEDIUM
SPIP 4.4.0-4.4.8 - Authenticated Stored Cross-Site Scripting via echapper_html_suspect()
CVSS 5.4
CVE-2026-26223 MEDIUM
SPIP 4.4.0-4.4.7 - Cross-Site Scripting via Iframe Tag Injection in Private Area
CVSS 6.1
CVE-2026-25739 MEDIUM
Indico < 3.3.10 - Stored Cross-Site Scripting via Material File Upload
CVSS 5.4
CVE-2026-2718 MEDIUM
Dealia Request a Quote Plugin <1.0.6 - XSS
CVSS 6.4