CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit likelihood: High
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,819 vulnerabilities with CWE-79
CVE-2026-7390
LOW
SourceCodester Pharmacy Sales and Inventory System index.php customer cross site scripting
CVSS 3.5
CVE-2026-40230
MEDIUM
Helpy 2.8.0 - Stored XSS in knowledgebase Doc body rendering
CVSS 5.4
CVE-2026-40229
MEDIUM
Helpy 2.8.0 - Stored XSS in post author display via PostsHelper
CVSS 5.4
CVE-2026-42524
HIGH
Jenkins HTML Publisher Plugin < 427 - Stored Cross-Site Scripting in Legacy Wrapper File
CVSS 8.0
CVE-2026-42523
CRITICAL
Jenkins GitHub Plugin < 1.46.0 - Stored Cross-Site Scripting via GitHub Hook Trigger Validation
CVSS 9.0
CVE-2026-42652
HIGH
WordPress User Registration plugin <= 5.1.5 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-42643
MEDIUM
WordPress Image Widget plugin <= 4.4.11 - Cross Site Scripting (XSS) vulnerability
CVSS 5.9
CVE-2026-2902
MEDIUM
WP Meteor Website Speed Optimization Addon <= 3.4.16 - Unauthenticated Stored Cross-Site Scripting via Comment
CVSS 6.1
CVE-2026-42615
HIGH
GCHQ CyberChef < 11.0.0 - Cross-Site Scripting via Show Base64 Offsets
CVSS 7.2
CVE-2026-7297
LOW
SourceCodester Pizzafy Ecommerce System ajax.php save_user cross site scripting
CVSS 2.4
CVE-2026-7296
LOW
SourceCodester Pizzafy Ecommerce System ajax.php save_order cross site scripting
CVSS 2.4
CVE-2026-37750
MEDIUM
School Management System - Unauthenticated Reflected Cross-Site Scripting via register.php type Parameter
CVSS 6.1
CVE-2026-7295
LOW
SourceCodester Pizzafy Ecommerce System ajax.php save_menu cross site scripting
CVSS 2.4
CVE-2026-7294
LOW
SourceCodester Pizzafy Ecommerce System index.php save_settings cross site scripting
CVSS 2.4
CVE-2026-38949
HIGH
HTMLy 3.1.1 - Stored Cross-Site Scripting via Content Creation Endpoint
CVSS 8.9
CVE-2026-38948
MEDIUM
FUEL CMS <= 1.5.2 - Authenticated Stored Cross-Site Scripting via SVG Upload
CVSS 5.4
CVE-2026-7281
LOW
SourceCodester Pharmacy Sales and Inventory System index.php supplier cross site scripting
CVSS 2.4
CVE-2026-7269
LOW
SourceCodester Pharmacy Sales and Inventory System index.php cross site scripting
CVSS 2.4
CVE-2026-4805
MEDIUM
Woostify <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lity.js Library via data-lity Attribute in Custom HTML Block
CVSS 6.4
CVE-2026-7230
MEDIUM
SourceCodester Safety Anger Pad cross site scripting
CVSS 4.3
CVE-2026-6809
MEDIUM
Social Post Embed <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Threads Embed
CVSS 6.4
CVE-2026-6725
MEDIUM
WPC Smart Messages for WooCommerce <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute
CVSS 6.4
CVE-2026-6551
MEDIUM
Timeline Blocks for Gutenberg <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleTag' Block Attribute
CVSS 6.4
CVE-2026-7222
LOW
code-projects Coaching Management System Complaint Form complaint.php cross site scripting
CVSS 3.5
CVE-2026-7200
MEDIUM
SourceCodester Pharmacy Sales and Inventory System index.php cross site scripting
CVSS 4.3