CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,966 vulnerabilities with CWE-79
CVE-2026-25647
MEDIUM
SiYuan - Stored Cross-Site Scripting in Markdown Rendering Engine
CVSS 4.6
CVE-2026-24050
MEDIUM
Zulip Server 5.0-11.5 - Stored Cross-Site Scripting in Group and Channel Names
CVSS 5.4
CVE-2026-24903
MEDIUM
OrcaStatLLM Researcher - Stored Cross-Site Scripting in Session Page Log Message
CVSS 5.4
CVE-2026-1769
MEDIUM
Xerox CentreWare Web < 7.0.6 - Stored Cross-Site Scripting
CVSS 5.3
CVE-2026-23738
LOW
Asterisk <20.7-cert9, <20.18.2, <21.12.1, <22.8.2, <23.2.2 - Info D...
CVSS 3.5
CVE-2026-1293
MEDIUM
Yoast SEO < 26.8 - Authenticated Stored Cross-Site Scripting via yoast-schema Block Attribute
CVSS 6.4
CVE-2026-1252
MEDIUM
Events Listing Widget <= 1.3.4 - Authenticated Stored Cross-Site Scripting via Event URL Parameter
CVSS 6.4
CVE-2026-1279
MEDIUM
Employee Directory plugin - WordPress <1.2.1 - XSS
CVSS 6.4
CVE-2026-1909
MEDIUM
WaveSurfer-WP <= 2.8.3 - Authenticated Stored Cross-Site Scripting via Audio Shortcode
CVSS 6.4
CVE-2026-1888
MEDIUM
Docus - YouTube Video Playlist <1.0.6 - XSS
CVSS 6.4
CVE-2026-1808
MEDIUM
WordPress Orange Confort+ <0.8 - XSS
CVSS 6.4
CVE-2026-1401
MEDIUM
Tune Library <= 1.6.3 - Authenticated Stored Cross-Site Scripting via CSV Import
CVSS 6.4
CVE-2026-0521
MEDIUM
TYDAC MAP+ 3.4.0 - Unauthenticated Reflected Cross-Site Scripting via PDF Export Functionality
CVSS 6.1
CVE-2026-1971
LOW
Edimax BR-6288ACL < 1.12 - Cross-Site Scripting via wiz_WISP24gmanual.asp manualssid Parameter
CVSS 2.4
CVE-2026-1654
MEDIUM
Peter's Date Countdown <2.0.0 - XSS
CVSS 6.1
CVE-2026-1319
MEDIUM
Robin Image Optimizer < 2.0.2 - Authenticated Stored Cross-Site Scripting via Media Library Alternative Text Field
CVSS 6.4
CVE-2026-1953
HIGH
Nukegraphic CMS 3.1.2 - Authenticated Stored Cross-Site Scripting in User Profile Name Field
CVE-2026-1268
MEDIUM
WordPress Dynamic Widget Content <1.3.6 - XSS
CVSS 6.4
CVE-2026-0867
MEDIUM
Essential Widgets <= 3.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-25578
MEDIUM
navidrome < 0.60.0 - Stored Cross-Site Scripting via Song Comment Metadata
CVSS 6.1
CVE-2026-25543
MEDIUM
HtmlSanitizer < 9.0.892 - Cross-Site Scripting via Template Tag
CVSS 6.1
CVE-2026-0947
MEDIUM
AT Internet Piano Analytics < 1.0.1 and 2.0.0-2.3.0 - Cross-Site Scripting
CVSS 4.8
CVE-2026-0946
MEDIUM
AT Internet SmartTag < 1.0.1 - Cross-Site Scripting
CVSS 6.1
CVE-2026-25054
MEDIUM
n8n < 1.123.9 and 2.0.0-2.2.1 - Authenticated Stored Cross-Site Scripting in Markdown Renderer
CVSS 5.4
CVE-2026-25051
MEDIUM
n8n < 1.123.2 - Authenticated Stored Cross-Site Scripting via Webhook Response Handling
CVSS 5.4
Details
Vulnerabilities
44,966
Exploit Likelihood
High