CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,813 vulnerabilities with CWE-79
CVE-2026-8624
MEDIUM
LJ comments import: reloaded <= 0.97.1 - Reflected Cross-Site Scripting via PHP_SELF Parameter
CVSS 6.1
CVE-2026-8038
MEDIUM
Faces of Users <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'default' Shortcode Attribute
CVSS 6.4
CVE-2026-7462
MEDIUM
VatanSMS WP SMS <= 1.01 - Reflected Cross-Site Scripting via 'page' Parameter
CVSS 6.1
CVE-2026-6549
MEDIUM
Logo Manager For Enamad <= 0.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute
CVSS 6.4
CVE-2026-6404
MEDIUM
Anomify AI <= 0.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'anomify_api_key' Parameter
CVSS 4.4
CVE-2026-6399
MEDIUM
General Options <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ad_contact_number' Parameter
CVSS 4.4
CVE-2026-6397
MEDIUM
Sticky <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'readmoretext' Shortcode Attribute
CVSS 6.4
CVE-2026-5293
MEDIUM
診断ジェネレータ作成プラグイン <= 1.4.16 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'js' Parameter
CVSS 6.4
CVE-2026-8493
MEDIUM
Colorbox Inline - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-036
CVSS 5.4
CVE-2026-6871
MEDIUM
Obfuscate - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-033
CVSS 6.1
CVE-2026-6367
MEDIUM
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003
CVSS 6.1
CVE-2026-6365
MEDIUM
Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001
CVSS 6.1
CVE-2026-6095
MEDIUM
Orejime - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-032
CVSS 6.1
CVE-2026-5090
MEDIUM
Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected
CVSS 6.1
CVE-2026-34463
HIGH
MantisBT has Stored HTML Injection/XSS via Clone Issue Form
CVE-2026-34241
HIGH
CtrlPanel: Stored XSS in Ticket Reply Notifications Allows Session Hijacking
CVSS 8.7
CVE-2026-33741
MEDIUM
EspoCRM: Stored XSS via SVG attachment loading same-origin JavaScript
CVSS 6.8
CVE-2026-31906
MEDIUM
Apache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog Parameters
CVSS 6.1
CVE-2026-31379
MEDIUM
Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager
CVSS 6.1
CVE-2026-27964
LOW
FacturaScripts: Reflected Cross-Site Scripting (XSS) via Cookie Manipulation
CVSS 3.9
CVE-2026-27737
MEDIUM
BigBlueButton has Stored XSS in bbb-playback replay
CVSS 6.5
CVE-2026-45231
MEDIUM
DumbAssets 1.0.11 Stored Cross-Site Scripting via Asset Fields
CVSS 6.1
CVE-2026-45494
MEDIUM
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS 5.4
CVE-2026-29965
MEDIUM
HSC MailInspector 5.3.3-7 - Cross-Site Scripting in WarningUrlPage Endpoint
CVSS 6.1
CVE-2026-29964
MEDIUM
HSC MailInspector 5.3.3-7 - Cross-Site Scripting via /tap/tap.php Endpoint
CVSS 6.1
Details
Vulnerabilities: 44,813
Exploit Likelihood: High