CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,962 vulnerabilities with CWE-79
CVE-2026-1441 MEDIUM
Graylog 2.2.3 - Reflected Cross-Site Scripting via /system/index_sets/ Endpoint
CVSS 6.1
CVE-2026-1440 MEDIUM
Graylog 2.2.3 - Reflected Cross-Site Scripting via /system/pipelines/ Endpoint
CVSS 6.1
CVE-2026-1439 MEDIUM
Graylog 2.2.3 - Reflected Cross-Site Scripting via Alerts Endpoint
CVSS 6.1
CVE-2026-1438 MEDIUM
Graylog 2.2.3 - Reflected Cross-Site Scripting via /system/nodes/ Endpoint
CVSS 6.1
CVE-2026-1437 MEDIUM
Graylog 2.2.3 - Reflected Cross-Site Scripting via User Edit Endpoint
CVSS 6.1
CVE-2026-1941 MEDIUM
WP Event Aggregator < 1.8.7 - Authenticated Stored Cross-Site Scripting via wp_events Shortcode
CVSS 6.4
CVE-2026-1649 MEDIUM
WordPress Community Events <1.5.7 - XSS
CVSS 4.4
CVE-2026-1943 MEDIUM
YayMail WooCommerce Email Customizer <=4.3.2 - XSS
CVSS 4.4
CVE-2026-2281 MEDIUM
WordPress Private Comment <=0.0.4 - XSS
CVSS 4.4
CVE-2026-1807 MEDIUM
InteractiveCalculator for WordPress <=1.0.3 - XSS
CVSS 6.4
CVE-2026-1666 MEDIUM
WordPress Download Manager <3.3.46 - XSS
CVSS 6.1
CVE-2026-1304 MEDIUM
Membership Plugin WordPress <=3.2.18 - XSS
CVSS 4.4
CVE-2026-1931 HIGH
Rent Fetch WordPress Plugin <0.32.4 - XSS
CVSS 7.2
CVE-2026-2622 LOW
Blossom < 1.17.1 - Cross-Site Scripting in Article Title Handler
CVSS 3.5
CVE-2026-26357 MEDIUM
Dell Unisphere for PowerMax 9.2.4.x - XSS
CVSS 5.4
CVE-2026-23861 MEDIUM
Dell Unisphere for PowerMax 9.2.4.x - XSS
CVSS 5.4
CVE-2026-1216 HIGH
WordPress RSS Aggregator <=5.0.10 - XSS
CVSS 7.2
CVE-2026-2002 MEDIUM
Forminator Forms <=1.50.2 - Stored XSS
CVSS 4.4
CVE-2026-2101 HIGH
ENOVIAvpm Web Access 1.16-1.19 - XSS
CVSS 8.7
CVE-2026-26930 HIGH
SmarterTools SmarterMail <9526 - XSS
CVSS 7.2
CVE-2026-2557 LOW
cskefu < 8.0.1 - Cross-Site Scripting via MediaController Upload Function
CVSS 3.5
CVE-2026-2547 LOW
ligerosmart < 6.1.26 - Cross-Site Scripting via Subaction Parameter in AgentDashboard
CVSS 3.5
CVE-2026-2546 LOW
LigeroSmart < 6.1.26 - Cross-Site Scripting via SortBy Argument in /otrs/index.pl
CVSS 3.5
CVE-2026-2545 LOW
LigeroSmart < 6.1.26 - Cross-Site Scripting via AgentTicketSearch Profile Parameter
CVSS 3.5
CVE-2026-1512 MEDIUM
Essential Addons for Elementor - WordPress <6.5.9 - XSS
CVSS 6.4
Details
Vulnerabilities 44,962
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits