CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,962 vulnerabilities with CWE-79
CVE-2026-2160 MEDIUM
Simple Responsive Tourism Website 1.0 - Cross-Site Scripting via Title Parameter in Master.php
CVSS 4.3
CVE-2026-2159 MEDIUM
SourceCodester Simple Responsive Tourism Website 1.0 - Cross-Site Scripting via Registration Parameter Manipulation
CVSS 4.3
CVE-2026-2156 LOW
Online Student Management System 1.0 - Cross-Site Scripting in Announcement Management Module
CVSS 2.4
CVE-2026-2154 MEDIUM
Patients Waiting Area Queue Management System 1.0 - Stored XSS via Patient Registration First Name
CVSS 4.3
CVE-2026-2150 MEDIUM
Patients Waiting Area Queue Management System 1.0 - Cross-Site Scripting via checkin.php patient_id Parameter
CVSS 4.3
CVE-2026-2149 MEDIUM
Patients Waiting Area Queue Management System 1.0 - Cross-Site Scripting via patient_id Parameter
CVSS 4.3
CVE-2026-2145 LOW
nginxwebui < 4.3.7 - Cross-Site Scripting via nginxDir Parameter
CVSS 3.5
CVE-2026-1643 MEDIUM
MP-Ukagaka <= 1.5.2 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2026-1634 MEDIUM
Subitem AL Slider <= 1.0.0 - Unauthenticated Reflected Cross-Site Scripting via PHP_SELF Parameter
CVSS 6.1
CVE-2026-1613 MEDIUM
Wonka Slide <= 1.3.3 - Authenticated Stored Cross-Site Scripting via list_class Shortcode
CVSS 6.4
CVE-2026-1611 MEDIUM
Wikiloops Track Player < 1.0.1 - XSS
CVSS 6.4
CVE-2026-1608 MEDIUM
Video Onclick <= 0.4.7 - Authenticated Stored Cross-Site Scripting via YouTube Shortcode
CVSS 6.4
CVE-2026-1573 MEDIUM
OMIGO <= 3.3 - Authenticated Stored Cross-Site Scripting via omigo_donate_button Shortcode
CVSS 6.4
CVE-2026-1570 MEDIUM
Simple Bible Verse via Shortcode < 1.1 - XSS
CVSS 6.4
CVE-2026-0555 MEDIUM
Premmerce <= 1.3.20 - Authenticated Stored Cross-Site Scripting via premmerce_wizard_actions AJAX Endpoint
CVSS 6.4
CVE-2026-25516 MEDIUM
NiceGUI < 3.7.0 - Stored Cross-Site Scripting via ui.markdown() Component
CVSS 6.1
CVE-2026-25581 MEDIUM
SCEditor < 3.2.1 - Cross-Site Scripting via Configuration Options
CVSS 5.4
CVE-2026-2064 LOW
Portabilis i-Educar < 2.10.0 - Cross-Site Scripting via File Parameter in User Data Page
CVSS 3.5
CVE-2026-25642 MEDIUM
HedgeDoc < 1.10.6 - Stored Cross-Site Scripting via SVG Upload
CVSS 4.3
CVE-2026-25640 HIGH
Pydantic AI 1.34.0-1.51.0 - Cross-Site Scripting via Unvalidated CDN URL Parameter
CVSS 7.1
CVE-2026-22254 NONE
Winter CMS < 1.2.10 - Authenticated Stored Cross-Site Scripting via SVG Upload
CVE-2026-25647 MEDIUM
SiYuan - Stored Cross-Site Scripting in Markdown Rendering Engine
CVSS 4.6
CVE-2026-24050 MEDIUM
Zulip Server 5.0-11.5 - Stored Cross-Site Scripting in Group and Channel Names
CVSS 5.4
CVE-2026-24903 MEDIUM
OrcaStatLLM Researcher - Stored Cross-Site Scripting in Session Page Log Message
CVSS 5.4
CVE-2026-1769 MEDIUM
Xerox CentreWare Web < 7.0.6 - Stored Cross-Site Scripting
CVSS 5.3
Details
Vulnerabilities 44,962
Exploit Likelihood High