Weaknesses of type CWE-79
26,101 resultsCVE-2023-38501MEDIUMcopyparty vulnerable to reflected cross-site scripting via k304 parameterEPSS 6.2%CVE-2023-0527LOWPHPGurukul Online Security Guards Hiring System search-request.php cross site scriptingEPSS 6.2%CVE-2022-34305—XSS in examples web applicationEPSS 6.2%CVE-2026-27822CRITICALRust has Critical Stored XSS in Preview Modal, leading to Administrative Account TakeoverEPSS 6.0%CVE-2023-37979HIGHWordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Cross Site Scripting (XSS)EPSS 6.0%CVE-2025-29471HIGHCross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into tEPSS 5.9%CVE-2025-52378MEDIUMCross-Site Scripting (XSS) vulnerability in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below allowing attackers to inject JaEPSS 5.9%CVE-2021-43810HIGHCross-site Scripting (XSS) when redirect an urlEPSS 5.8%CVE-2022-0448—CP Blocks < 1.0.15 - Admin+ Stored Cross-Site ScriptingEPSS 5.8%CVE-2022-3766HIGHCross-site Scripting (XSS) - Reflected in thorsten/phpmyfaqEPSS 5.7%CVE-2021-24245—Stop Spammers < 2021.9 - Reflected Cross-Site Scripting (XSS)EPSS 5.7%CVE-2026-42897HIGHMicrosoft Exchange Server Spoofing VulnerabilityEPSS 5.6%KEVCVE-2021-21030HIGHMagento Commerce Stored Cross-site Scripting Could Lead To Arbitrary Javascript ExecutionEPSS 5.6%CVE-2021-24299—ReDi Restaurant Reservations < 21.0426 - Unauthenticated Stored Cross-Site Scripting (XSS)EPSS 5.5%CVE-2024-5420HIGHStored Cross-Site Scripting in SEH Computertechnik utnserver ProEPSS 5.5%CVE-2021-24610—TranslatePress < 2.0.9 - Authenticated Stored Cross-Site ScriptingEPSS 5.4%CVE-2025-54353MEDIUMAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet ForEPSS 5.4%CVE-2022-41441MEDIUMMultiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a craftedEPSS 5.3%CVE-2022-25869MEDIUMAll versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to CroEPSS 5.3%CVE-2023-4174LOWmooSocial mooStore cross site scriptingEPSS 5.3%