CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,818 vulnerabilities with CWE-79
CVE-2026-5324
HIGH
Brizy – Page Builder <= 2.8.11 - Unauthenticated Stored Cross-Site Scripting via FileUpload Field Value
CVSS 7.2
CVE-2026-6916
MEDIUM
Jeg Kit for Elementor <= 3.1.0 - Contributor Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-6447
MEDIUM
Call for Price for WooCommerce <= 4.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Call for Price' Label Settings
CVSS 4.4
CVE-2026-5113
HIGH
Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Consent Field Hidden Input
CVSS 7.2
CVE-2026-5112
HIGH
Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Calculation Product Field in Repeater
CVSS 7.2
CVE-2026-5111
HIGH
Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Hidden Product Field in Repeater
CVSS 7.2
CVE-2026-5110
HIGH
Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Single Product Field Inside Repeater
CVSS 7.2
CVE-2026-5109
HIGH
Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Product Option
CVSS 7.2
CVE-2026-4658
MEDIUM
Gutenberg Essential Blocks <= 6.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes
CVSS 6.4
CVE-2026-7209
MEDIUM
Simple Link Directory <= 8.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-6378
MEDIUM
Maxi Blocks <= 2.1.9 - Authenticated (Author+) Stored Cross-Site Scripting via Style Card REST API
CVSS 6.4
CVE-2026-7596
MEDIUM
nextlevelbuilder ui-ux-pro-max-skill Slide Generator generate-slide.py data.get cross site scripting
CVSS 4.3
CVE-2026-37503
MEDIUM
v2board < 1.7.4 - Stored Cross-Site Scripting via Theme Configuration Custom HTML Field
CVSS 6.9
CVE-2026-40201
MEDIUM
@diplodoc/search-extension 1.0.0-3.x < 3.0.3 - Stored Cross-Site Scripting via Markdown Title
CVSS 5.4
CVE-2026-6127
MEDIUM
Elementor Website Builder <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API
CVSS 6.4
CVE-2026-7501
LOW
LinkStackOrg LinkStack UserController.php editPage cross site scripting
CVSS 3.5
CVE-2026-7429
MEDIUM
SSCMS v7.4.0 Reflected Cross-Site Scripting via STL Processing
CVSS 4.6
CVE-2026-36766
MEDIUM
shopizer < 2.16.0 - Authenticated Cross-Site Scripting via XssHttpServletRequestWrapper
CVSS 5.4
CVE-2026-36763
MEDIUM
SpringBlade 4.8.0 - Stored Cross-Site Scripting via Notice Content Parameter
CVSS 6.1
CVE-2026-36761
MEDIUM
JeeSite 5.15.1 - Stored Cross-Site Scripting via msgContent Parameter
CVSS 6.1
CVE-2026-38940
MEDIUM
RafyMrX TOKO-ONLINE-ROTI 1.0 - Cross-Site Scripting via detail_produk.php
CVSS 6.1
CVE-2026-38939
MEDIUM
mvc-ecommerce 1.0 - Cross-Site Scripting via product_catalogue.php
CVSS 6.1
CVE-2026-1493
MEDIUM
Cross-Site Scripting in LEX Baza Dokumentów
CVSS 5.4
CVE-2026-7401
MEDIUM
SourceCodester CET Automated Grading System with AI Predictive Analytics Registration index.php register cross site scripting
CVSS 4.3
CVE-2026-7390
LOW
SourceCodester Pharmacy Sales and Inventory System index.php customer cross site scripting
CVSS 3.5
Details
Vulnerabilities: 44,818
Exploit Likelihood: High