CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
43,790 vulnerabilities with CWE-79
CVE-2026-7596
MEDIUM
nextlevelbuilder ui-ux-pro-max-skill Slide Generator generate-slide.py data.get cross site scripting
CVSS 4.3
CVE-2026-40201
MEDIUM
Diplodoc-platform @diplodoc/search-extension < 3.0.3 - XSS
CVSS 5.4
CVE-2026-6127
MEDIUM
Elementor Website Builder <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API
CVSS 6.4
CVE-2026-7501
LOW
LinkStackOrg LinkStack UserController.php editPage cross site scripting
CVSS 3.5
CVE-2026-7429
MEDIUM
SSCMS v7.4.0 Reflected Cross-Site Scripting via STL Processing
CVSS 4.6
CVE-2026-1493
MEDIUM
Cross-Site Scripting in LEX Baza Dokumentów
CVE-2026-7401
MEDIUM
SourceCodester CET Automated Grading System with AI Predictive Analytics Registration index.php register cross site scripting
CVSS 4.3
CVE-2026-7390
LOW
SourceCodester Pharmacy Sales and Inventory System index.php customer cross site scripting
CVSS 3.5
CVE-2026-40230
MEDIUM
Helpy 2.8.0 - Stored XSS in knowledgebase Doc body rendering
CVE-2026-40229
MEDIUM
Helpy 2.8.0 - Stored XSS in post author display via PostsHelper
CVE-2026-42524
HIGH
Jenkins Project Jenkins Html Publisher Plugin < 427 - XSS
CVSS 8.0
CVE-2026-42523
CRITICAL
Jenkins Project Jenkins GitHub Plugin < 1.46.0 - XSS
CVSS 9.0
CVE-2026-42652
HIGH
WordPress User Registration plugin <= 5.1.5 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-42643
MEDIUM
WordPress Image Widget plugin <= 4.4.11 - Cross Site Scripting (XSS) vulnerability
CVSS 5.9
CVE-2026-2902
MEDIUM
WP Meteor Website Speed Optimization Addon <= 3.4.16 - Unauthenticated Stored Cross-Site Scripting via Comment
CVSS 6.1
CVE-2026-42615
HIGH
Gchq CyberChef < 11.0.0 - XSS
CVSS 7.2
CVE-2026-7297
LOW
SourceCodester Pizzafy Ecommerce System ajax.php save_user cross site scripting
CVSS 2.4
CVE-2026-7296
LOW
SourceCodester Pizzafy Ecommerce System ajax.php save_order cross site scripting
CVSS 2.4
CVE-2026-37750
MEDIUM
School Management System - XSS
CVSS 6.1
CVE-2026-7295
LOW
SourceCodester Pizzafy Ecommerce System ajax.php save_menu cross site scripting
CVSS 2.4
CVE-2026-7294
LOW
SourceCodester Pizzafy Ecommerce System index.php save_settings cross site scripting
CVSS 2.4
CVE-2026-38948
MEDIUM
FUEL CMS <=1.5.2 - XSS
CVSS 5.4
CVE-2026-7281
LOW
SourceCodester Pharmacy Sales and Inventory System index.php supplier cross site scripting
CVSS 2.4
CVE-2026-7269
LOW
SourceCodester Pharmacy Sales and Inventory System index.php cross site scripting
CVSS 2.4
CVE-2026-4805
MEDIUM
Woostify <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lity.js Library via data-lity Attribute in Custom HTML Block
CVSS 6.4
Details
Vulnerabilities
43,790
Exploit Likelihood
High