CWE-79 CVEs and Security Vulnerabilities

Export limit exceeded: 45334 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (45334 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-26105	1 Microsoft	4 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 and 1 more	2026-04-09	8.1 High
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-31354	1 Feehi	1 Feehi Cms	2026-04-09	5.4 Medium
Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters.
CVE-2026-31353	1 Feehi	1 Feehi Cms	2026-04-09	5.4 Medium
An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.
CVE-2026-31352	1 Feehi	1 Feehi Cms	2026-04-09	5.4 Medium
An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter.
CVE-2026-31350	1 Feehi	1 Feehi Cms	2026-04-09	5.4 Medium
An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parameter.
CVE-2026-31313	1 Feehi	1 Feehi Cms	2026-04-09	5.4 Medium
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field.
CVE-2025-61648	2 Mediawiki, Wikimedia	2 Checkuser, Checkuser	2026-04-09	6.1 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/ShowIPButton.Vue, modules/ext.CheckUser.TempAccounts/SpecialBlock.Js. This issue affects CheckUser: from * before 1.44.1.
CVE-2025-61651	2 Mediawiki, Wikimedia	2 Checkuser, Checkuser	2026-04-09	6.1 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js. This issue affects CheckUser: from * before 1.44.1.
CVE-2025-61655	2 Mediawiki, Wikimedia	2 Visual Editor, Visualeditor	2026-04-09	6.1 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files includes/ApiVisualEditorEdit.Php, modules/ve-mw/init/targets/ve.Init.Mw.DesktopArticleTarget.Js, modules/ve-mw/ui/dialogs/ve.Ui.MWSaveDialog.Js. This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1.
CVE-2025-61656	2 Mediawiki, Wikimedia	2 Visual Editor, Visualeditor	2026-04-09	6.1 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files src/ce/ve.Ce.ClipboardHandler.Js. This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1.
CVE-2025-67475	2 Mediawiki, Wikimedia	2 Mediawiki, Mediawiki	2026-04-09	6.1 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
CVE-2025-67477	2 Mediawiki, Wikimedia	2 Mediawiki, Mediawiki	2026-04-09	6.1 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from * before 1.44.3, 1.45.1.
CVE-2025-67481	2 Mediawiki, Wikimedia	2 Mediawiki, Mediawiki	2026-04-09	6.1 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
CVE-2025-67483	2 Mediawiki, Wikimedia	2 Mediawiki, Mediawiki	2026-04-09	6.1 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from * before 1.43.6, 1.44.3, 1.45.1.
CVE-2026-39416	1 Ail-project	1 Ail-framework	2026-04-09	N/A
AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. Prior to 6.8, a stored cross-site scripting (XSS) vulnerability was identified in the modal item preview functionality. When item content longer than 800 characters was processed, attacker-controlled content was returned without an explicit text/plain content type, allowing the browser to interpret the response as active HTML. This could result in execution of arbitrary JavaScript in the context of an authenticated user viewing a crafted item. This vulnerability is fixed in 6.8.
CVE-2025-56018	2 Senior-walter, Sourcecodester	2 Web-based Pharmacy Product Management System, Web-based Pharmacy Product Management System	2026-04-09	6.1 Medium
SourceCodester Web-based Pharmacy Product Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in Category Management via the category name field.
CVE-2026-5806	1 Code-projects	1 Easy Blog Site	2026-04-09	3.5 Low
A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-5451	2 Hupe13, Wordpress	2 Extensions For Leaflet Map, Wordpress	2026-04-09	6.4 Medium
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-4429	2 Photoweblog, Wordpress	2 Osm – Openstreetmap, Wordpress	2026-04-09	6.4 Medium
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_name' and 'file_color_list' shortcode attribute of the [osm_map_v3] shortcode in all versions up to and including 6.1.15. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-39338	1 Churchcrm	1 Churchcrm	2026-04-09	6.1 Medium
ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability exists in the search parameter accepted by the ChurchCRM dashboard. The application fails to sanitize or encode user-supplied input prior to rendering it within the browser's DOM. Although the application ultimately returns an HTTP 500 error due to the malformed API request caused by the payload, the browser's JavaScript engine parses and executes the injected <script> tags before the error response is returned — resulting in successful code execution regardless of the server-side error. This vulnerability is fixed in 7.1.0.

« first previous Page 5 of 2267. next last »