CWE-79: Cross-site Scripting (XSS)
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
All Cross-site Scripting (XSS) CVEs (8,805)
A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Change Manager's Meeting Management component allows attackers to inject malicious scripts... (Mar 17, 2025)
A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator's Project Gantt feature allows attackers to inject malici... (Mar 17, 2025)
A stored Cross-site Scripting (XSS) vulnerability in 3DDashboard within 3DSwymer allows attackers to inject malicious scripts that execute in users' b... (Mar 17, 2025)
A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator's Bookmark Editor allows attackers to inject malicious sc... (Mar 17, 2025)
A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator allows attackers to inject malicious scripts into the Rel... (Mar 17, 2025)
A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator's Document Management allows attackers to inject maliciou... (Mar 17, 2025)
A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator's Product Explorer allows attackers to inject malicious s... (Mar 17, 2025)
A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator allows attackers to inject malicious scripts into issue m... (Mar 17, 2025)
A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator's 3D Navigate component allows attackers to inject malici... (Mar 17, 2025)
A stored Cross-site Scripting (XSS) vulnerability in 3DPlay within 3DSwymer allows attackers to inject malicious scripts that execute in users' browse... (Mar 17, 2025)
A cross-site scripting (XSS) vulnerability in GitLab's proxy feature allows attackers to inject malicious scripts that execute in users' browsers when... (Mar 3, 2025)
A cross-site scripting (XSS) vulnerability in GitLab CE/EE allows attackers to inject malicious scripts into change pages. When exploited, this enable... (Feb 12, 2025)
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious JavaScript into vulnerable for... (Feb 11, 2025)
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious JavaScript into vulnerable for... (Feb 11, 2025)
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious scripts into form fields. When... (Feb 11, 2025)
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious JavaScript into vulnerable for... (Feb 11, 2025)
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious JavaScript into vulnerable for... (Feb 11, 2025)
A stored cross-site scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious scripts into vulnerable form f... (Feb 11, 2025)
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious JavaScript into vulnerable for... (Feb 11, 2025)
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious JavaScript into vulnerable for... (Feb 11, 2025)
This vulnerability allows cross-site scripting (XSS) attacks when loading .ipynb files in GitLab's web IDE. Attackers can execute arbitrary JavaScript... (Feb 7, 2025)
This vulnerability allows attackers to inject malicious scripts through improperly rendered file types in GitLab, leading to cross-site scripting (XSS... (Jan 24, 2025)
A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator on 3DEXPERIENCE R2024x allows attackers to inject malicio... (Dec 16, 2024)
A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator on 3DEXPERIENCE R2024x allows attackers to inject malicio... (Dec 16, 2024)
A stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT v7.0.13 allows attackers to upload malicious XML files containing JavaScript. When execu... (Nov 12, 2024)
This vulnerability allows attackers to inject malicious HTML into GitLab's Global Search field on diff views, leading to cross-site scripting (XSS). A... (Oct 24, 2024)
A reflected Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator allows attackers to inject malicious scripts into web ... (Oct 16, 2024)
A stored Cross-site Scripting (XSS) vulnerability in 3DSwym component of 3DSwymer allows attackers to inject malicious scripts that execute in users' ... (Sep 19, 2024)
A stored Cross-site Scripting (XSS) vulnerability in 3DDashboard within 3DSwymer allows attackers to inject malicious scripts that execute in users' b... (Sep 2, 2024)
A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator allows attackers to inject malicious scripts that execute... (Sep 2, 2024)
Note Mark versions before 0.13.1 contain a stored cross-site scripting (XSS) vulnerability where attackers can inject malicious JavaScript into markdo... (Jul 29, 2024)
This is a stored cross-site scripting (XSS) vulnerability in Confluence Data Center and Server that allows authenticated attackers to inject malicious... (Jul 16, 2024)
A stored cross-site scripting (XSS) vulnerability in GitLab allows attackers to inject malicious JavaScript into commit notes, which then executes in ... (Jun 27, 2024)
A stored XSS vulnerability in anything-llm allows attackers with manager role to inject malicious JavaScript via crafted URLs. When an admin clicks th... (Jun 6, 2024)
The IDonate WordPress plugin through version 1.9.0 contains a stored cross-site scripting (XSS) vulnerability in its settings. This allows authenticat... (May 23, 2024)
A stored cross-site scripting vulnerability in OpenText ArcSight Enterprise Security Manager and ArcSight Platform allows attackers to inject maliciou... (May 20, 2024)
This Cross-Site Scripting (XSS) vulnerability in iTop allows attackers to inject malicious scripts into object friendlyname/complementary name fields.... (Apr 15, 2024)
This vulnerability is a stored cross-site scripting (XSS) flaw in GitLab's autocomplete feature for issue references, affecting GitLab CE/EE versions ... (Apr 12, 2024)
This cross-site scripting (XSS) vulnerability in GitLab's Jira integration configuration allows attackers to inject malicious JavaScript that executes... (Dec 1, 2023)
This vulnerability allows attackers with low privileges and network access to execute stored cross-site scripting (XSS) attacks in TIBCO EBX web appli... (Nov 14, 2023)
This vulnerability in ZITADEL allows attackers to inject malicious JavaScript into SVG avatar images, potentially enabling account takeover when victi... (Oct 26, 2023)
This vulnerability in OSNexus QuantaStor allows authenticated attackers to create alerts with malicious webhook URLs that execute arbitrary commands a... (Jul 10, 2023)
This stored cross-site scripting (XSS) vulnerability in GitLab allows attackers to inject malicious scripts into merge requests. When victims view the... (Jun 7, 2023)
This stored cross-site scripting (XSS) vulnerability in TeamPass allows attackers to inject malicious scripts that execute when other users view affec... (Jun 3, 2023)
A stored cross-site scripting (XSS) vulnerability in Collabora Online allows attackers to create documents with malicious names containing JavaScript ... (May 31, 2023)
Dradis versions before 4.8.0 contain a persistent cross-site scripting (XSS) vulnerability in avatar handling that allows authenticated author users t... (Apr 25, 2023)
This vulnerability allows attackers to inject malicious scripts through specially crafted Kroki diagrams in GitLab, leading to stored cross-site scrip... (Mar 9, 2023)
This vulnerability allows attackers with low privileges and network access to execute stored cross-site scripting (XSS) attacks on TIBCO EBX Add-ons s... (Feb 22, 2023)
This vulnerability allows attackers to inject malicious scripts into Splunk Web views through Base64-encoded image error messages. When exploited, it ... (Feb 14, 2023)
This vulnerability allows attackers to execute arbitrary JavaScript code by uploading malicious SVG files to FoF Upload extension for Flarum forums. A... (Jun 2, 2022)
About Cross-site Scripting (XSS) (CWE-79)
Our database tracks 8,805 CVEs classified as CWE-79, with 259 rated critical and 2,329 rated high severity. The average CVSS score for Cross-site Scripting (XSS) vulnerabilities is 6.4.