CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,962 vulnerabilities with CWE-79
CVE-2026-1164 MEDIUM
Easy Voice Mail <= 1.2.5 - Authenticated Stored Cross-Site Scripting via Message Parameter
CVSS 6.1
CVE-2026-1844 HIGH
PixelYourSite Pro < 12.4.0.2 - Stored XSS via pysTrafficSource and pys_landing_page
CVSS 7.2
CVE-2026-1841 HIGH
PixelYourSite < 11.2.0 - Stored XSS via pysTrafficSource and pys_landing_page
CVSS 7.2
CVE-2026-26226 MEDIUM
beautiful-mermaid < 0.1.3 - Cross-Site Scripting via SVG Attribute Injection
CVE-2026-1578 MEDIUM
HP App < 26.0.0.6234 - Cross-Site Scripting
CVE-2026-1721 MEDIUM
npm agents < 0.3.10 - Reflected Cross-Site Scripting via OAuth Callback Error Description
CVE-2026-26188 MEDIUM
Solspace Freeform 5.0.0-5.14.6 - Authenticated Stored Cross-Site Scripting in Form Builder
CVSS 5.4
CVE-2026-1320 HIGH
Secure Copy Content Protection <=4.9.8 - Stored XSS via X-Forwarded-For Header
CVSS 7.2
CVE-2026-1316 HIGH
Customer Reviews for WooCommerce <5.97.0 - XSS
CVSS 7.2
CVE-2026-2276 MEDIUM
Wix web application - Authenticated Stored Cross-Site Scripting via SVG Upload
CVE-2026-26023 MEDIUM
dify < 1.13.0 - Stored Cross-Site Scripting via ECharts Payload
CVSS 6.1
CVE-2026-25935 MEDIUM
vikunja/vikunja < 1.1.0 - Stored Cross-Site Scripting via Task Description Hover
CVSS 5.4
CVE-2026-25759 HIGH
Statamic CMS 6.0.0-6.2.2 - Authenticated Stored Cross-Site Scripting in Content Titles
CVSS 8.7
CVE-2026-25868 MEDIUM
minigal_nano < 0.3.5 - Reflected Cross-Site Scripting via dir Parameter
CVSS 6.1
CVE-2026-2344 HIGH
Plunet BusinessManager <10.15.1 - Privilege Escalation
CVE-2026-2337 HIGH
Plunet BusinessManager <10.15.1 - SSRF
CVE-2026-0595 HIGH
GitLab 13.9-18.6.5, 18.7-18.7.3, 18.8-18.8.3 - Authenticated HTML Injection in Test Case Titles
CVSS 7.3
CVE-2026-1885 MEDIUM
Slideshow Wp <= 1.1 - Authenticated Stored Cross-Site Scripting via sswpid Attribute
CVSS 6.4
CVE-2026-1853 MEDIUM
BuddyHolis ListSearch <= 1.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-1827 MEDIUM
Flask Micro code-editor plugin <1.0.0 - XSS
CVSS 6.4
CVE-2026-1826 MEDIUM
OpenPOS Lite - WooCommerce <3.0 - XSS
CVSS 6.4
CVE-2026-1821 MEDIUM
Microtango <= 0.9.29 - Authenticated Stored Cross-Site Scripting via restkey Parameter
CVSS 6.4
CVE-2026-1809 MEDIUM
WordPress HTML Tag Shortcodes <1.1 - XSS
CVSS 6.4
CVE-2026-1804 MEDIUM
WDES Responsive Popup <= 1.3.6 - Authenticated Stored Cross-Site Scripting via wdes-popup-title Shortcode
CVSS 6.4
CVE-2026-0815 MEDIUM
Category Image <= 2.0 - Authenticated Stored Cross-Site Scripting via Tag-Image Parameter
CVSS 4.4