CWE-79 · Cross-site Scripting

45024 CVEs classified under CWE-79 (Cross-site Scripting). Browse by severity and year.

Top CVEs for CWE-79
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-49410 | Critical | 10.0 | 2025-08-20 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu TC Testimonials allows Stored XSS. This issue a… |
| CVE-2024-47875 | Critical | 10.0 | 2024-10-11 | DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability i… |
| CVE-2023-45144 | Critical | 10.0 | 2023-10-16 | com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in vi… |
| CVE-2023-45138 | Critical | 10.0 | 2023-10-12 | Change Request is an application allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to vers… |
| CVE-2022-4361 | Critical | 10.0 | 2023-07-07 | Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerabili… |
| CVE-2023-28849 | Critical | 10.0 | 2023-04-05 | GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a… |
| CVE-2023-0018 | Critical | 10.0 | 2023-01-10 | Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an a… |
| CVE-2021-36206 | Critical | 10.0 | 2022-10-28 | All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data w… |
| CVE-2022-35698 | Critical | 10.0 | 2022-10-14 | Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue… |
| CVE-2021-23856 | Critical | 10.0 | 2021-10-04 | The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipul… |
| CVE-2021-39199 | Critical | 10.0 | 2021-09-07 | remark-html is an open source nodejs library which compiles Markdown to HTML. In affected versions the documentation of remark-html has mentioned that it was s… |
| CVE-2021-32798 | Critical | 10.0 | 2021-08-09 | The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter N… |
| CVE-2021-32671 | Critical | 10.0 | 2021-06-07 | Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. T… |
| CVE-2026-54158 | Critical | 9.9 | 2026-06-24 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view (database) cell renderer genAVValueHTML interpolates cell con… |
| CVE-2026-54067 | Critical | 9.9 | 2026-06-24 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing </style> breaks out of its surrounding <style> tag w… |
| CVE-2026-50551 | Critical | 9.9 | 2026-06-24 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting (XSS) vulnerability in the Attribu… |
| CVE-2026-40472 | Critical | 9.9 | 2026-04-23 | In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Sc… |
| CVE-2026-40470 | Critical | 9.9 | 2026-04-23 | A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation u… |
| CVE-2026-34571 | Critical | 9.9 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version… |
| CVE-2026-34569 | Critical | 9.9 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version… |