Weaknesses of type CWE-79
26,098 resultsCVE-2016-2279MEDIUMCross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows rEPSS 7.5%CVE-2025-52436HIGHAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet ForEPSS 7.5%CVE-2022-0864—UpdraftPlus < 1.22.9 - Reflected Cross-Site ScriptingEPSS 7.4%CVE-2023-33829MEDIUMA stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripEPSS 7.3%CVE-2020-4038HIGHReflected XSS in GraphQL PlaygroundEPSS 7.2%CVE-2021-26247—As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execuEPSS 7.1%CVE-2021-1879MEDIUMThis issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOEPSS 7.1%KEVCVE-2020-8115—A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo TEPSS 7.1%CVE-2026-20959MEDIUMMicrosoft SharePoint Server Spoofing VulnerabilityEPSS 7.0%CVE-2019-3925—Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.1EPSS 6.9%CVE-2019-3926—Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.1EPSS 6.9%CVE-2021-25079—Contact Form Entries < 1.2.4 - Reflected Cross-Site ScriptingEPSS 6.8%CVE-2025-1392MEDIUMD-Link DIR-816 index.html cross site scriptingEPSS 6.8%CVE-2012-0767MEDIUMCross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, aEPSS 6.7%KEVCVE-2021-24316—Mediumish <= 1.0.47 - Unauthenticated Reflected Cross-Site Scripting (XSS)EPSS 6.4%CVE-2020-13959—Velocity Tools XSS VulnerabilityEPSS 6.4%CVE-2012-1872MEDIUMCross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script oEPSS 6.4%CVE-2014-3146MEDIUMIncomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scriptinEPSS 6.3%CVE-2022-39195MEDIUMA cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML vEPSS 6.3%CVE-2021-24237—Realteo < 1.2.4 - Unauthenticated Reflected Cross-Site Scripting (XSS)EPSS 6.3%