CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,747 vulnerabilities with CWE-79
CVE-2026-8048
MEDIUM
My Email Shortcode <= 0.91 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]
CVSS 6.4
CVE-2026-8040
MEDIUM
faq shortocde <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute
CVSS 6.4
CVE-2026-6268
HIGH
EventPress < 22.2 – Reflected Cross-Site Scripting
CVSS 7.1
CVE-2026-6287
MEDIUM
All-in-One WooCommerce Growth & Store Enhancement Plugin < 3.3.8 - XSS
CVSS 5.4
CVE-2026-9022
MEDIUM
Splide Carousel Block <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'url' Block Attribute
CVSS 6.4
CVE-2026-48999
MEDIUM
Stored Cross-Site Scripting (XSS) vulnerability in ZTE ZXUniPOS NDS-LTE product
CVSS 5.7
CVE-2026-9608
LOW
QianFox FoxCMS Administrator Backend edit cross site scripting
CVSS 2.4
CVE-2026-6565
MEDIUM
Style Kits – Advanced Theme Styles for Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Kit Title
CVSS 6.4
CVE-2026-44903
MEDIUM
Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI
CVSS 6.1
CVE-2026-44899
MEDIUM
Mistune Image Directive CSS Injection Vulnerability
CVSS 4.7
CVE-2026-44898
MEDIUM
Mistune TOC Anchor Injection XSS
CVSS 6.1
CVE-2026-44897
MEDIUM
Mistune Heading ID Attribute Injection XSS
CVSS 6.1
CVE-2026-44896
MEDIUM
Mistune: XSS via unescaped figclass/figwidth in Figure directive
CVSS 6.1
CVE-2026-44708
MEDIUM
Mistune Math Plugin XSS Escape Bypass
CVSS 6.1
CVE-2026-36239
MEDIUM
PbootCMS 3.2.11 - Code Injection in Site Configuration
CVSS 4.3
CVE-2026-44831
MEDIUM
Snipe-IT: XSS vulnerability in component notes
CVSS 4.8
CVE-2026-9566
MEDIUM
teableio teable Sign-up LoginPage.tsx cross site scripting
CVSS 4.3
CVE-2026-44669
HIGH
Faction: Stored XSS in Assessment Attachment Filename Preview Rendering
CVSS 8.7
CVE-2026-44667
HIGH
Faction: Stored XSS in Remediation Verification Attachment Filename Preview Rendering
CVSS 8.7
CVE-2026-9564
LOW
SourceCodester/oretnom23 Hospitals Patient Records Management System view_patient cross site scripting
CVSS 2.4
CVE-2026-48905
MEDIUM
Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.
CVSS 6.1
CVE-2026-48903
MEDIUM
Joomla! Framework - [20260519] - Inadequate content filtering within the checkAttribute filter code.
CVSS 6.1
CVE-2026-44729
HIGH
Twenty: Stored Cross-Site Scripting via Unsanitized File Serving (Missing Content-Type/Content-Disposition Headers)
CVSS 8.7
CVE-2026-30895
MEDIUM
Joomla! Core - [20260504] - XSS in readmore links
CVSS 6.1
CVE-2026-30894
MEDIUM
Joomla! Core - [20260503] - XSS in com_contenthistory
CVSS 6.1
Details
Vulnerabilities: 44,747
Exploit Likelihood: High