CWE-79Cross-site Scripting (XSS)

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.— MITRE CWE catalog

42,738 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →

CVEs classified under CWE-79page 2 of 855

Map vulnerabilities like CWE-79 to your infrastructure

EchelonGraph correlates every CVE — across CWE-79 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.

Start Free Scan →