CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,747 vulnerabilities with CWE-79
CVE-2026-25901
MEDIUM
Joomla! Core - [20260502] - XSS in com_associations
CVSS 6.1
CVE-2026-25900
MEDIUM
Joomla! Core - [20260501] - XSS in feed modules
CVSS 6.1
CVE-2026-27427
MEDIUM
WordPress Geo Mashup plugin <= 1.13.18 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-9527
MEDIUM
itsourcecode Electronic Judging System judges.php cross site scripting
CVSS 4.3
CVE-2026-9520
MEDIUM
blitz-js blitz Sign-in LoginForm.tsx cross site scripting
CVSS 4.3
CVE-2026-9519
MEDIUM
stonith404 pingvin-share Sign-in Auto-Redirect signIn.tsx getServerSideProps cross site scripting
CVSS 4.3
CVE-2026-9518
MEDIUM
hemant6488 CodeIgniter-StudentManagementSystem Students Controller view_students.php addStudent cross site scripting
CVSS 4.3
CVE-2026-45435
MEDIUM
WordPress WP Activity Log plugin <= 5.6.3 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-9485
LOW
SourceCodester Student Grades Management System students.php cross site scripting
CVSS 3.5
CVE-2026-48849
MEDIUM
Roundcube Webmail - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 4.4
CVE-2026-48848
HIGH
Roundcube Webmail - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 7.2
CVE-2026-9471
LOW
yashpokharna2555 StudentManagementSystem student.php cross site scripting
CVSS 3.5
CVE-2026-9448
MEDIUM
code-projects Employee Management System applyleave.php cross site scripting
CVSS 4.3
CVE-2026-45249
MEDIUM
Apache ECharts: XSS in Lines series tooltip rendering
CVSS 6.1
CVE-2026-9419
MEDIUM
code-projects Employee Management System empproject.php cross site scripting
CVSS 4.3
CVE-2026-9418
MEDIUM
code-projects Employee Management System changepassemp.php cross site scripting
CVSS 4.3
CVE-2026-9417
MEDIUM
code-projects Employee Management System myprofileup.php cross site scripting
CVSS 4.3
CVE-2026-6059
MEDIUM
NEC Platforms, Ltd. Aterm WX1800HP - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-9416
MEDIUM
code-projects Employee Management System myprofile.php cross site scripting
CVSS 4.3
CVE-2026-9415
MEDIUM
code-projects Employee Management System eloginwel.php cross site scripting
CVSS 4.3
CVE-2026-9414
LOW
SourceCodester Indian Invoicing System Invoice Template Render Database-Backed add_order.php cross site scripting
CVSS 3.5
CVE-2026-9413
MEDIUM
SourceCodester Indian Invoicing System category.php cross site scripting
CVSS 4.3
CVE-2026-9377
LOW
SourceCodester SUP Online Shopping productedit.php cross site scripting
CVSS 2.4
CVE-2026-9357
LOW
vBulletin Login cross site scripting
CVSS 3.5
CVE-2026-41147
HIGH
NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input sanitization in Request class
CVSS 8.7
Details
Vulnerabilities
44,747
Exploit Likelihood
High