CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
42,295 vulnerabilities with CWE-79
CVE-2026-3819
LOW
SourceCodester Resort Reservation System 1.0 - XSS
CVSS 3.5
CVE-2025-40638
Eventobot - XSS
CVE-2026-3812
MEDIUM
itsourcecode Payroll Management System 1.0 - XSS
CVSS 4.3
CVE-2026-3766
LOW
SourceCodester Pharmacy System 1.0 - XSS
CVSS 3.5
CVE-2026-3763
MEDIUM
Simple Flight Ticket Booking System 1.0 - XSS
CVSS 4.3
CVE-2026-3743
LOW
YiFang CMS 2.0.5 - XSS
CVSS 3.5
CVE-2026-3742
LOW
YiFang CMS 2.0.5 - XSS
CVSS 3.5
CVE-2026-3741
LOW
YiFang CMS 2.0.5 - XSS
CVSS 3.5
CVE-2026-3721
LOW
1024-lab SmartAdmin <3.29 - XSS
CVSS 3.5
CVE-2026-3720
LOW
1024-lab/lab1024 SmartAdmin <3.29 - XSS
CVSS 3.5
CVE-2026-3716
LOW
Wavlink WL-WN579X3-C 231124 - XSS
CVSS 2.4
CVE-2026-3702
MEDIUM
SourceCodester Loan Management System 1.0 - XSS
CVSS 4.3
CVE-2026-30838
league/commonmark <2.8.1 - XSS
CVE-2026-29192
HIGH
ZITADEL 4.0.0-4.11.1 - Open Redirect
CVSS 7.7
CVE-2026-29191
CRITICAL
ZITADEL 4.0.0-4.11.1 - XSS
CVSS 9.3
CVE-2026-2433
MEDIUM
RSS Aggregator WordPress Plugin <=5.0.11 - XSS
CVSS 6.1
CVE-2026-2420
MEDIUM
LotekMedia Popup Form <=1.0.6 - XSS
CVSS 4.4
CVE-2026-1825
MEDIUM
Show YouTube video plugin 1.1 - XSS
CVSS 6.4
CVE-2026-1824
MEDIUM
Infomaniak Connect for OpenID <1.0.2 - XSS
CVSS 6.4
CVE-2026-1823
MEDIUM
Consensus Embed WordPress Plugin <=1.6 - XSS
CVSS 6.4
CVE-2026-1820
MEDIUM
Media Library Alt Text Editor <1.0.0 - XSS
CVSS 6.4
CVE-2026-1805
MEDIUM
DA Media GigList <1.9.0 - Stored XSS
CVSS 6.4
CVE-2026-1574
MEDIUM
MyQtip WordPress Plugin <2.0.5 - XSS
CVSS 6.4
CVE-2026-1569
MEDIUM
Wueen Plugin for WordPress <=0.2.0 - XSS
CVSS 6.4
CVE-2026-1074
HIGH
WP App Bar Plugin <1.5 - Stored XSS
CVSS 7.2
Details
Vulnerabilities
42,295
Exploit Likelihood
High