CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
43,790 vulnerabilities with CWE-79
CVE-2026-7012
LOW
MaxSite CMS Redirect Plugin cross site scripting
CVSS 2.4
CVE-2026-7011
LOW
MaxSite CMS Antispam Plugin plugin_antispam cross site scripting
CVSS 2.4
CVE-2026-7001
LOW
Datacom DM4100 Ethernet Configuration cross site scripting
CVSS 2.4
CVE-2026-7000
LOW
Datacom DM4100 VLAN Page cross site scripting
CVSS 2.4
CVE-2026-6999
LOW
BIVOCOM TR321 Wireless Setting cross site scripting
CVSS 2.4
CVE-2026-6998
LOW
BDCOM P3310D New RMON Statistics cross site scripting
CVSS 2.4
CVE-2026-6997
LOW
BDCOM P3310D New RMON History cross site scripting
CVSS 2.4
CVE-2026-6996
LOW
BDCOM P3310D rmon event Tab cross site scripting
CVSS 2.4
CVE-2026-6995
LOW
BDCOM P3310D New User index.asp cross site scripting
CVSS 2.4
CVE-2026-6990
LOW
projeto-siga novo cross site scripting
CVSS 3.5
CVE-2026-41472
MEDIUM
CyberPanel < 2.4.4 Stored XSS via AI Scanner Dashboard
CVSS 6.1
CVE-2026-41426
MEDIUM
pretalx: Email injection via unescaped user-controlled placeholders in pretalx mail templates
CVSS 6.1
CVE-2026-41421
HIGH
SiYuan Desktop Notification XSS Leads to Electron RCE
CVSS 8.8
CVE-2026-41067
MEDIUM
Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass
CVSS 6.1
CVE-2026-4313
LOW
Stored XSS in AdaptiveGRC
CVE-2026-41043
MEDIUM
Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues
CVSS 6.5
CVE-2026-4078
MEDIUM
ITERAS <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-5428
MEDIUM
Royal Addons for Elementor <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting via Image Caption Field
CVSS 6.4
CVE-2026-41430
LOW
Press vulnerable to reflected XSS on login redirection
CVE-2026-41318
MEDIUM
AnythingLLM < 1.12.1 - Stored DOM XSS in Chart Caption Renderer
CVSS 5.4
CVE-2026-41305
MEDIUM
PostCSS has XSS via Unescaped </style> in its CSS Stringify Output
CVSS 6.1
CVE-2026-31953
MEDIUM
Xibo CMS has Stored XSS via Notification Body with Zero-Click Execution on Login
CVSS 6.4
CVE-2026-41241
HIGH
pretalx: Stored cross-site scripting in organiser search typeahead
CVSS 8.7
CVE-2026-41240
MEDIUM
DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)
CVSS 6.1
CVE-2026-41239
MEDIUM
DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode
CVSS 6.8
Details
Vulnerabilities: 43,790
Exploit Likelihood: High