Entity Details

Cwe-79 - Cross-site Scripting (xss) - Cwe

Type: Cwe

Frequency: Mentioned 91 times

Threat intelligence on Cwe-79 - Cross-site Scripting (xss) (Cwe). Found in 49 clusters.

Related Threat Clusters

• Ghost CMS SQL Injection Exploits 700+ Sites in Ongoing ClickFix Campaign (Threat Score: 78.0)
• CISA Alerts on Critical Flaws in SimpleHelp, Samsung MagicINFO, and D-Link Devices (Threat Score: 78.0)
• FrostyNeighbor Cyberespionage Campaign Targets Ukrainian and Polish Governments (Threat Score: 75.6)
• China-aligned APT Groups Target Global Maritime and Tech Sectors Amid Geopolitical Tensions (Threat Score: 75.5)
• High-Severity Stored XSS Vulnerability in HAX CMS (CVE-2026-48527) (Threat Score: 74.0)
• Critical XSS Vulnerability in Lukevella Rally Affects Versions Up to 4.7.4 (Threat Score: 72.9)
• Critical Vulnerabilities and Exploits Targeting Cisco, Canvas, and Microsoft Systems (Threat Score: 72.9)
• Funnel Builder Plugin Vulnerability Exploited in WooCommerce Attacks (Threat Score: 72.9)
• Critical GitLab Vulnerabilities Enable XSS and DoS Attacks (Threat Score: 72.2)
• CISA Warns of Active Exploitation of Cisco Catalyst SD-WAN Vulnerabilities (Threat Score: 72.2)

Recent Articles

• Tenzai's own research - pr.report
• CVE-2026-44698 - nvd.nist.gov
• CVE-2026-48527 AKAOMA CVE VULNERABILITIES / 6h HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode` endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by injecting an event handler attribute without whitespace before the attribute name. @haxtheweb/haxcms-nodejs 26.0.1 and haxcms-php 26.0.2 patch the issue. - cve.akaoma.com
• CVE-2026-48527 - Exploits & Severity - Feedly
• Chatgpt Markdown Rendering Vulnerability - permiso.io
• SOC Defenders Threat Intelligence - www.socdefenders.ai
• ESET APT Reports - www.globenewswire.com
• CVE-2026-41241: Critical Stored XSS in Pretalx Conference Platform Allows Attackers 100 ... - Rescana
• Active Exploitation Alert: Grandoreiro Banking Trojan and BTMOB RAT Targeting Windows ... - Rescana
• How to guarantee a speaker gig: Hack the system. Literally - Theregister