CWE-79


Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.


We have discovered 15,196,816 live websites that are affected by CWE-79.

CVEs

  • Count - 4,832



Website Distribution by Country

Number of websites affected by CWE-79
Country | Websites
United States | 4,808,043
Germany | 1,398,684
France | 728,427
Russia | 651,284
Japan | 624,037
GB | 591,335
Italy | 506,311
Netherlands | 473,485
China | 336,419
Poland | 325,760

Website Distribution by TLD

Number of websites affected by CWE-79
TLD | Websites
.com | 6,561,997
.de | 878,303
.org | 656,214
.ru | 537,107
.net | 440,722
.nl | 414,003
.co.uk | 395,635
.it | 367,681
.fr | 307,548
.pl | 249,957

Newest CVEs

List of the most recent CVEs that are part of CWE-79
Discovered | CVE | Description | Websites
Apr, 2026 | CVE-2026-3498 | BlockArt Blocks <= 2.2.15 - Authenticated (Author+) Stored Cross-Site Scripting via 'clientId' Block Attribute | 364
Apr, 2026 | CVE-2026-4895 | Greenshift <= 12.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via disablelazy Attribute | 1,285
Apr, 2026 | CVE-2026-3005 | List category posts <= 0.94.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'catlist' Shortcode | 1
Apr, 2026 | CVE-2026-4336 | Ultimate FAQ Accordion Plugin <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via FAQ Content | 709
Apr, 2026 | CVE-2026-4429 | OSM <= 6.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marker_name' Shortcode Attribute | 8,155
Apr, 2026 | CVE-2026-5357 | Download Manager <= 3.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | 33,595
Apr, 2026 | CVE-2026-5742 | UsersWP <= 1.2.60 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User Badge Link Substitution | 3,469
Apr, 2026 | CVE-2025-1794 | AM LottiePlayer <= 3.6.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG | 36
Apr, 2026 | CVE-2026-1396 | Magic Conversation For Gravity Forms <= 3.0.97 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | 5
Apr, 2026 | CVE-2026-2481 | Beaver Builder Page Builder – Drag and Drop Website Builder <= 2.10.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'settings[js]' | 68,244

List of the most common CVEs that are part of CWE-79
Discovered | CVE | Description | Websites
Apr, 2020 | CVE-2020-11023 | Potential XSS vulnerability in jQuery | 7,099,257
Mar, 2026 | CVE-2026-3427 | Yoast SEO <= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonText' Block Attribute | 3,738,996
Apr, 2020 | CVE-2020-11022 | jQuery has a potential XSS vulnerability | 3,491,397
Feb, 2026 | CVE-2026-1293 | Yoast SEO <= 26.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'yoast-schema' Block Attribute | 2,502,255
Jan, 2022 | CVE-2022-21662 | Stored XSS in WordPress | 1,383,904
Dec, 2025 | CVE-2025-11220 | Elementor <= 3.33.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Text Path | 1,309,537
Mar, 2024 | CVE-2024-2242 | Contact Form 7 <= 5.9 - Reflected Cross-Site Scripting | 1,286,532
Jul, 2022 | CVE-2022-31160 | jQuery UI contains potential XSS vulnerability when refreshing a checkboxradio with an HTML-like initial text label | 1,284,913
Oct, 2021 | CVE-2021-41182 | XSS in the `altField` option of the Datepicker widget | 1,184,778
Oct, 2021 | CVE-2021-41183 | XSS in `*Text` options of the Datepicker widget | 1,184,778

Websites affected by CWE-79

Top websites that are affected by CWE-79.
Domain | Country | Rank | Contacts
*********.org | United States | *
**********.***********.com | United States | **
********.****.br | Brazil | **
*********.com | United States | **
*********.com | United States | ***
*******.com | Singapore | ***
*********.com | United States | ***
***********.com | Ireland | ***
******.com | United States | ***
***************.org | United States | ***