CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,813 vulnerabilities with CWE-79
CVE-2026-39960
MEDIUM
MantisBT is Vulnerable to Stored XSS through Custom Field Textarea Values
CVSS 5.4
CVE-2026-9144
HIGH
Taiko AG1000-01A Rev 7.3/8 Stored XSS via Web Configuration Interface
CVSS 7.6
CVE-2026-47099
MEDIUM
TeleJSON < 6.0.0 DOM-based XSS via parse() Function
CVSS 6.1
CVE-2026-39311
MEDIUM
Trilium Notes: Stored XSS Leads to Unauthorized Remote Code Execution (RCE) via Unsanitized SVG Attachments
CVSS 6.8
CVE-2026-35016
MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via search.php frm_query Parameter
CVSS 4.6
CVE-2026-35015
MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via do_unit_mail.php the_ticket Parameter
CVSS 4.6
CVE-2026-35014
MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via routes_nm.php ticket_id Parameter
CVSS 4.6
CVE-2026-35013
MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via street_view.php thelat and thelng Parameters
CVSS 4.6
CVE-2026-35012
MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via add_facnote.php ticket_id Parameter
CVSS 4.6
CVE-2026-35011
MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via opena.php frm_call Parameter
CVSS 4.6
CVE-2026-35010
MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via patient_JF.php ticket_id Parameter
CVSS 4.6
CVE-2026-35009
MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via add_note.php ticket_id Parameter
CVSS 4.6
CVE-2026-35008
MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via single.php ticket_id Parameter
CVSS 4.6
CVE-2026-35007
MEDIUM
Open ISES Tickets < 3.44.2 Reflected XSS via single_unit.php id Parameter
CVSS 4.6
CVE-2026-26028
MEDIUM
CryptPad: Sanitizer Bypass in Diffmarked.js Allows Arbitrary HTML Injection and Potential XSS
CVSS 6.1
CVE-2026-30691
MEDIUM
@cyntler/react-doc-viewer 1.17.1 - Cross-Site Scripting via TXTRenderer Component
CVSS 6.1
CVE-2026-7613
HIGH
Cost of Goods by PixelYourSite <= 1.2.12 - Unauthenticated Stored Cross-Site Scripting via Cost of Goods Import
CVSS 7.2
CVE-2026-44924
MEDIUM
InfoScale VIOM 9.1.3 - Cross-Site Scripting
CVSS 5.4
CVE-2026-5783
HIGH
Reflected XSS in Beyaz Computer's CityPLus
CVSS 7.6
CVE-2026-4293
MEDIUM
Kieback & Peter DDC Building Controllers Cross-site Scripting
CVSS 5.3
CVE-2026-24573
MEDIUM
WordPress Visualizer plugin < 4.0.0 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-2955
MEDIUM
AI Chatbot & Workflow Automation by AIWU <= 1.4.14 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' Header
CVSS 6.4
CVE-2026-7460
HIGH
mailcow-dockerized 2026-03b - Stored XSS in Queue Manager via unescaped
CVE-2026-8627
MEDIUM
Correct Prices <= 1.0 - Reflected Cross-Site Scripting via PHP_SELF Parameter
CVSS 6.1
CVE-2026-8626
MEDIUM
SponsorMe <= 0.5.2 - Reflected Cross-Site Scripting via PHP_SELF Parameter
CVSS 6.1
Details
Vulnerabilities: 44,813
Exploit Likelihood: High