CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,966 vulnerabilities with CWE-79
CVE-2026-20111
MEDIUM
Cisco Prime Infrastructure - Authenticated Stored Cross-Site Scripting in Web Management Interface
CVSS 4.8
CVE-2026-0873
MEDIUM
Ercom Cryptobox >=v4.40.x - Authenticated Privilege Escalation to Global Administrator
CVE-2026-0743
MEDIUM
WP Content Permission <= 1.2 - Authenticated Stored Cross-Site Scripting via ohmem-message Parameter
CVSS 4.4
CVE-2026-0742
MEDIUM
WordPress Smart Appointment & Booking <1.0.7 - XSS
CVSS 6.4
CVE-2026-0681
MEDIUM
WordPress Extended Random Number Generator <1.1 - XSS
CVSS 4.4
CVE-2026-1819
HIGH
Karel Electronics Industry and Trade Inc. ViPort <23012026 - XSS
CVSS 8.8
CVE-2026-22875
MEDIUM
Movable Type 8.0.2-8.0.8, 8.8.0-8.8.1, 9.0.4-9.0.5 - Stored Cross-Site Scripting in Export Sites
CVSS 5.4
CVE-2026-21393
MEDIUM
Movable Type 8.0.2-8.0.8 8.8.0-8.8.1 9.0.4-9.0.5 - Stored Cross-Site Scripting in Edit Comment
CVSS 5.4
CVE-2026-1755
MEDIUM
Menu Icons by ThemeIsle <0.13.20 - XSS
CVSS 6.4
CVE-2026-25148
MEDIUM
Qwik < 1.19.0 - Cross-Site Scripting via Virtual Attribute Serialization
CVSS 6.1
CVE-2026-24053
MEDIUM
Claude Code <2.0.74 - Privilege Escalation
CVSS 6.5
CVE-2026-25616
MEDIUM
Blesta 3.2.0-5.13.2 - Cross-Site Scripting
CVSS 4.7
CVE-2026-25522
MEDIUM
Craft Commerce 4.0.0-4.10.0 and 5.0.0-5.5.1 - Stored Cross-Site Scripting in Shipping Zone Name and Description Fields
CVSS 4.8
CVE-2026-25490
MEDIUM
Craft Commerce 4.0.0-RC1-4.10.0 & 5.0.0-5.5.1 - Stored XSS in Inventory Locations Address Line 1
CVSS 4.8
CVE-2026-25489
MEDIUM
Craft Commerce 4.0.0-RC1-4.10.0 and 5.0.0-5.5.1 - Stored Cross-Site Scripting in Tax Zone Name & Description Fields
CVSS 4.8
CVE-2026-25488
MEDIUM
Craft Commerce 4.0.0-RC1-4.10.0 & 5.0.0-5.5.1 - Stored XSS in Tax Categories
CVSS 4.8
CVE-2026-25487
MEDIUM
Craft Commerce 4.0.0-RC1-4.10.0 and 5.0.0-5.5.1 - Stored Cross-Site Scripting in Tax Rates Name Field
CVSS 4.8
CVE-2026-25486
MEDIUM
Craft Commerce 5.0.0-5.5.1 - Stored Cross-Site Scripting in Shipping Methods Name Field
CVSS 4.8
CVE-2026-25485
MEDIUM
Craft Commerce 4.0.0-RC1-4.10.0 and 5.0.0-5.5.1 - Stored Cross-Site Scripting in Shipping Categories
CVSS 4.8
CVE-2026-25484
MEDIUM
Craft Commerce 4.0.0-RC1-4.10.0 and 5.0.0-5.5.1 - Stored Cross-Site Scripting via Product Type Name
CVSS 4.8
CVE-2026-25483
MEDIUM
Craft Commerce 4.0.0-RC1-4.10.0 and 5.0.0-5.5.1 - Stored Cross-Site Scripting in Order Status History Message
CVSS 5.4
CVE-2026-25482
MEDIUM
Craft Commerce 4.0.0-RC1-4.10.0 and 5.0.0-5.5.1 - Stored Cross-Site Scripting in Recent Orders Dashboard Widget
CVSS 4.8
CVE-2026-24426
MEDIUM
Shenzhen Tenda AC7 <V03.03.03.01_cn - XSS
CVSS 6.1
CVE-2026-24674
MEDIUM
Open eClass Platform < 4.2 - Reflected Cross-Site Scripting via Crafted URL
CVSS 4.7
CVE-2026-24672
HIGH
Open eClass Platform < 4.2 - Authenticated Stored Cross-Site Scripting in User Profile Fields
CVSS 7.3
Details
Vulnerabilities
44,966
Exploit Likelihood
High