CWE-79 · Cross-site Scripting
45024 CVEs classified under CWE-79 (Cross-site Scripting). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-49410 | Critical | 10.0 | 2025-08-20 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu TC Testimonials allows Stored XSS. This issue a… |
| CVE-2024-47875 | Critical | 10.0 | 2024-10-11 | DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability i… |
| CVE-2023-45144 | Critical | 10.0 | 2023-10-16 | com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in vi… |
| CVE-2023-45138 | Critical | 10.0 | 2023-10-12 | Change Request is an application allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to vers… |
| CVE-2022-4361 | Critical | 10.0 | 2023-07-07 | Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerabili… |
| CVE-2023-28849 | Critical | 10.0 | 2023-04-05 | GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a… |
| CVE-2023-0018 | Critical | 10.0 | 2023-01-10 | Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an a… |
| CVE-2021-36206 | Critical | 10.0 | 2022-10-28 | All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data w… |
| CVE-2022-35698 | Critical | 10.0 | 2022-10-14 | Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue… |
| CVE-2021-23856 | Critical | 10.0 | 2021-10-04 | The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipul… |
| CVE-2021-39199 | Critical | 10.0 | 2021-09-07 | remark-html is an open source nodejs library which compiles Markdown to HTML. In affected versions the documentation of remark-html has mentioned that it was s… |
| CVE-2021-32798 | Critical | 10.0 | 2021-08-09 | The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter N… |
| CVE-2021-32671 | Critical | 10.0 | 2021-06-07 | Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. T… |
| CVE-2026-54158 | Critical | 9.9 | 2026-06-24 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view (database) cell renderer genAVValueHTML interpolates cell con… |
| CVE-2026-54067 | Critical | 9.9 | 2026-06-24 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing `</style>` breaks out of its surrounding `<style>` tag w… |
| CVE-2026-50551 | Critical | 9.9 | 2026-06-24 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting (XSS) vulnerability in the Attribu… |
| CVE-2026-40472 | Critical | 9.9 | 2026-04-23 | In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Sc… |
| CVE-2026-40470 | Critical | 9.9 | 2026-04-23 | A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation u… |
| CVE-2026-34571 | Critical | 9.9 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version… |
| CVE-2026-34569 | Critical | 9.9 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version… |