CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,736 vulnerabilities with CWE-79
CVE-2026-1450
MEDIUM
rognone <= 0.6.2 - Reflected Cross-Site Scripting via 'mode' Parameter
CVSS 6.1
CVE-2026-3722
MEDIUM
Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image Seo) < 4.9 - XSS
CVSS 6.4
CVE-2026-10567
LOW
1Panel-dev CordysCRM ModuleFormController ModuleFormService.java save cross site scripting
CVSS 3.5
CVE-2026-10510
MEDIUM
GeniexWebView XSS in com.transsion.aiassistantlifestyle
CVSS 6.1
CVE-2026-10100
MEDIUM
Simple Custom Login Page <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting
CVSS 4.4
CVE-2026-10529
LOW
westboy CicadasCMS Task Scheduling Management ScheduleJobController.java cross site scripting
CVSS 2.4
CVE-2026-10514
LOW
1Panel-dev CordysCRM RequestParamTrimConfig.java cross site scripting
CVSS 2.4
CVE-2026-10301
MEDIUM
itsourcecode Fees Management System 1.0 - Cross-Site Scripting via index.php page Parameter
CVSS 4.3
CVE-2026-24754
MEDIUM
Kiteworks < 9.3.0 - Authenticated Stored Cross-Site Scripting in Secure Data Forms
CVSS 5.4
CVE-2026-24752
HIGH
Kiteworks < 9.3.0 - Reflected Cross-Site Scripting in Secure Data Forms
CVSS 8.2
CVE-2026-24751
HIGH
Kiteworks < 9.3.0 - Reflected Cross-Site Scripting in Secure Data Forms
CVSS 8.2
CVE-2026-10289
MEDIUM
Hotel and Tourism Reservation System 1.0 - Cross-Site Scripting via Tour.php Name/Email/People/Number Parameters
CVSS 4.3
CVE-2026-42678
HIGH
WordPress GiveWP plugin <= 4.14.5 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-42676
MEDIUM
WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-48865
HIGH
WordPress LearnPress plugin <= 4.3.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-48839
HIGH
WordPress WP Statistics plugin <= 14.16.6 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-48559
MEDIUM
Lightweight Music Server 3.76.0 Stored XSS via Media File Metadata Tags
CVSS 5.4
CVE-2026-42683
HIGH
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.8 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-42681
HIGH
WordPress e2pdf plugin <= 1.32.14 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-9309
MEDIUM
Arbitrary JavaScript execution in internal pages via Reader View JSON-LD injection
CVSS 5.4
CVE-2026-9308
MEDIUM
Arbitrary JavaScript execution in Reader View due to wrong HTML replacement order
CVSS 5.4
CVE-2026-25599
MEDIUM
Missing authentication and clear‑text data transmission affecting Orca heat pumps
CVSS 6.3
CVE-2026-10247
LOW
SourceCodester Pharmacy Sales and Inventory System main create_generic_name cross site scripting
CVSS 3.5
CVE-2026-10246
LOW
SourceCodester Pharmacy Sales and Inventory System main create_medicine_presentation cross site scripting
CVSS 3.5
CVE-2026-10245
LOW
SourceCodester Pharmacy Sales and Inventory System main create_supplier cross site scripting
CVSS 3.5
Details
Vulnerabilities: 44,736
Exploit Likelihood: High