CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,736 vulnerabilities with CWE-79
CVE-2026-10244
LOW
SourceCodester Pharmacy Sales and Inventory System main create_medicine_name cross site scripting
CVSS 3.5
CVE-2026-9024
HIGH
DELMIA Service Process Engineer R2024x-R2026x - Stored Cross-Site Scripting
CVSS 8.7
CVE-2026-8474
MEDIUM
Possible to run a Cross Site Scripting request on the login API available on Stormshield SNS appliances.
CVSS 5.3
CVE-2026-42253
MEDIUM
Apache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties
CVSS 6.1
CVE-2026-40545
MEDIUM
Reflected XSS in SOPlanning
CVE-2026-40544
MEDIUM
Stored XSS in SOPlanning
CVE-2026-10234
LOW
Mettle sendportal Campaign webview cross site scripting
CVSS 3.5
CVE-2026-10228
LOW
raisulislamg4 student_management_system_by_php admission_form_check.php cross site scripting
CVSS 3.5
CVE-2026-48209
HIGH
OTRS - Reflected XSS in Authenticated Agent Context
CVSS 7.1
CVE-2026-10173
MEDIUM
Orthanc Explorer 2 URL StudyList.vue cross site scripting
CVSS 4.3
CVE-2026-10153
MEDIUM
westboy CicadasCMS AbstractCacheManager.java search cross site scripting
CVSS 4.3
CVE-2026-10112
LOW
sambitraj STUDENT-MANAGEMENT-SYSTEM Dashboard cross site scripting
CVSS 2.4
CVE-2026-34127
MEDIUM
Stored Cross-Site Scripting (XSS) via Configuration File Import on TP-Link's TL-SG108PE
CVSS 4.8
CVE-2026-49384
MEDIUM
Jetbrains PyCharm < 2025.3.4 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 6.1
CVE-2026-49381
LOW
Jetbrains TeamCity < 2026.1 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 3.4
CVE-2026-49375
MEDIUM
JetBrains TeamCity - Reflected Cross-Site Scripting on Repository Download Page
CVSS 6.1
CVE-2026-49371
HIGH
Jetbrains TeamCity < 2026.1.1 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 7.1
CVE-2026-49368
HIGH
Jetbrains YouTrack < 2026.1.13162 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 8.7
CVE-2026-44651
MEDIUM
SillyTavern CORS Proxy - Reflected Cross-Site Scripting
CVE-2026-6824
HIGH
CP Plus 8 Ch. Network Video Recorder Cross-site Scripting
CVSS 8.4
CVE-2026-45668
CRITICAL
Trilium Notes : Note Import to RCE via #docName Path Traversal (Safe Import Enabled)
CVE-2026-45627
HIGH
Arcane: Unauthenticated reflected XSS via SVG color parameter in /api/app-images/logo enables admin account takeover
CVSS 8.2
CVE-2026-36324
MEDIUM
SourceCodester Doctor Appointment System 1.0 - Stored Cross-Site Scripting in User Registration
CVSS 6.1
CVE-2026-33386
LOW
XSS in QuickCMS
CVE-2026-47694
MEDIUM
WWBN AVideo: Stored XSS via unescaped Gallery category description
CVSS 5.4
Details
Vulnerabilities
44,736
Exploit Likelihood
High