CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,747 vulnerabilities with CWE-79
CVE-2026-48225 MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via landb.php _type Parameter
CVSS 5.4
CVE-2026-48224 MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via ics214.php frm_add_str Parameter
CVSS 5.4
CVE-2026-48223 MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via ics213rr.php frm_add_str Parameter
CVSS 5.4
CVE-2026-48222 MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via ics213.php frm_add_str Parameter
CVSS 5.4
CVE-2026-48221 MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via ics205a.php frm_add_str Parameter
CVSS 5.4
CVE-2026-48220 MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via ics205.php frm_add_str Parameter
CVSS 5.4
CVE-2026-48219 MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via ics202.php frm_add_str Parameter
CVSS 5.4
CVE-2026-48218 MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via icons/buttons/landb.php frm_name and frm_id Parameters
CVSS 5.4
CVE-2026-48217 MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via delete_module.php Multiple POST Parameters
CVSS 5.4
CVE-2026-48216 MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via db_loader.php Multiple POST Parameters
CVSS 5.4
CVE-2026-48215 MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via circle.php frm_id Parameter
CVSS 5.4
CVE-2026-48214 MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via add_nm.php ticket_id Parameter
CVSS 5.4
CVE-2026-48213 MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via add.php ticket_id Parameter
CVSS 5.4
CVE-2026-6841 MEDIUM
Reflected XSS in Request Tracker
CVSS 6.1
CVE-2026-1543 MEDIUM
Avada (Fusion) Builder <= 3.15.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Shortcodes
CVSS 6.4
CVE-2026-4811 MEDIUM
WPB Floating Menu or Categories < 1.0.8 - Authenticated Stored Cross-Site Scripting via Icon CSS Class
CVSS 4.9
CVE-2026-39960 MEDIUM
MantisBT is Vulnerable to Stored XSS through Custom Field Textarea Values
CVSS 5.4
CVE-2026-9144 HIGH
Taiko AG1000-01A Rev 7.3/8 Stored XSS via Web Configuration Interface
CVSS 7.6
CVE-2026-47099 MEDIUM
TeleJSON < 6.0.0 DOM-based XSS via parse() Function
CVSS 6.1
CVE-2026-39311 MEDIUM
Trilium Notes: Stored XSS Leads to Unauthorized Remote Code Execution (RCE) via Unsanitized SVG Attachments
CVSS 6.8
CVE-2026-35016 MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via search.php frm_query Parameter
CVSS 4.6
CVE-2026-35015 MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via do_unit_mail.php the_ticket Parameter
CVSS 4.6
CVE-2026-35014 MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via routes_nm.php ticket_id Parameter
CVSS 4.6
CVE-2026-35013 MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via street_view.php thelat and thelng Parameters
CVSS 4.6
CVE-2026-35012 MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via add_facnote.php ticket_id Parameter
CVSS 4.6