CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,747 vulnerabilities with CWE-79
CVE-2026-35011
MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via opena.php frm_call Parameter
CVSS 4.6
CVE-2026-35010
MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via patient_JF.php ticket_id Parameter
CVSS 4.6
CVE-2026-35009
MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via add_note.php ticket_id Parameter
CVSS 4.6
CVE-2026-35008
MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via single.php ticket_id Parameter
CVSS 4.6
CVE-2026-35007
MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via single_unit.php id Parameter
CVSS 4.6
CVE-2026-26028
MEDIUM
CryptPad: Sanitizer Bypass in Diffmarked.js Allows Arbitrary HTML Injection and Potential XSS
CVSS 6.1
CVE-2026-30691
MEDIUM
@cyntler/react-doc-viewer 1.17.1 - Cross-Site Scripting via TXTRenderer Component
CVSS 6.1
CVE-2026-7613
HIGH
Cost of Goods by PixelYourSite <= 1.2.12 - Unauthenticated Stored Cross-Site Scripting via Cost of Goods Import
CVSS 7.2
CVE-2026-44924
MEDIUM
InfoScale VIOM 9.1.3 - Cross-Site Scripting
CVSS 5.4
CVE-2026-5783
HIGH
Reflected XSS in Beyaz Computer's CityPLus
CVSS 7.6
CVE-2026-4293
MEDIUM
Kieback & Peter DDC Building Controllers Cross-site Scripting
CVSS 5.3
CVE-2026-24573
MEDIUM
WordPress Visualizer plugin < 4.0.0 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-2955
MEDIUM
AI Chatbot & Workflow Automation by AIWU <= 1.4.14 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' Header
CVSS 6.4
CVE-2026-7460
HIGH
mailcow-dockerized 2026-03b - Stored XSS in Queue Manager via unescaped
CVE-2026-8627
MEDIUM
Correct Prices <= 1.0 - Reflected Cross-Site Scripting via PHP_SELF Parameter
CVSS 6.1
CVE-2026-8626
MEDIUM
SponsorMe <= 0.5.2 - Reflected Cross-Site Scripting via PHP_SELF Parameter
CVSS 6.1
CVE-2026-8624
MEDIUM
LJ comments import: reloaded <= 0.97.1 - Reflected Cross-Site Scripting via PHP_SELF Parameter
CVSS 6.1
CVE-2026-8038
MEDIUM
Faces of Users <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'default' Shortcode Attribute
CVSS 6.4
CVE-2026-7462
MEDIUM
VatanSMS WP SMS <= 1.01 - Reflected Cross-Site Scripting via 'page' Parameter
CVSS 6.1
CVE-2026-6549
MEDIUM
Logo Manager For Enamad <= 0.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute
CVSS 6.4
CVE-2026-6404
MEDIUM
Anomify AI <= 0.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'anomify_api_key' Parameter
CVSS 4.4
CVE-2026-6399
MEDIUM
General Options <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ad_contact_number' Parameter
CVSS 4.4
CVE-2026-6397
MEDIUM
Sticky <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'readmoretext' Shortcode Attribute
CVSS 6.4
CVE-2026-5293
MEDIUM
診断ジェネレータ作成プラグイン <= 1.4.16 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'js' Parameter
CVSS 6.4
CVE-2026-8493
MEDIUM
Colorbox Inline - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-036
CVSS 5.4
Details
Vulnerabilities 44,747
Exploit Likelihood High