CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
43,790 vulnerabilities with CWE-79
CVE-2026-41238
MEDIUM
DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback
CVSS 6.9
CVE-2026-40472
CRITICAL
Hackage package metadata stored XSS vulnerability
CVSS 9.9
CVE-2026-40470
CRITICAL
Hackage package and doc upload stored XSS vulnerability
CVSS 9.9
CVE-2026-28040
MEDIUM
WordPress Taxi Booking Manager for WooCommerce plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-4512
LOW
WP reCaptcha by WebDesignBy < 2.0 – Admin+ Stored XSS
CVSS 3.5
CVE-2026-3361
MEDIUM
WP Store Locator <= 2.2.261 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsl_address' Post Meta
CVSS 6.4
CVE-2026-2951
MEDIUM
Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutentor Block HTML
CVSS 5.4
CVE-2026-41200
HIGH
STIG Manager has reflected XSS vulnerability in the Web App
CVE-2026-1923
MEDIUM
Social Rocket – Social Sharing Plugin <= 1.3.4.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via id
CVSS 6.4
CVE-2026-4919
MEDIUM
IBM Guardium Data Protection is affected by multiple vulnerabilities
CVSS 4.8
CVE-2026-4918
MEDIUM
IBM Guardium Data Protection is affected by multiple vulnerabilities
CVSS 5.5
CVE-2026-3837
MEDIUM
Frappe Framework 16.10.0 - Stored DOM XSS in Multiple Field Formatters
CVE-2026-3673
MEDIUM
Frappe Framework 16.10.0 - Stored DOM XSS in Tag Pill Renderer
CVE-2026-5262
HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
CVSS 8.0
CVE-2026-30139
MEDIUM
Silverpeas Core <6.4.6 - XSS
CVSS 6.1
CVE-2026-1913
MEDIUM
Gallagher Website Design <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'prefix' Shortcode Attribute
CVSS 6.4
CVE-2026-1395
MEDIUM
Gutentools <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Slider Block Attributes
CVSS 6.4
CVE-2026-6246
MEDIUM
Simple Random Posts Shortcode <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'container_right_width' Shortcode Attribute
CVSS 6.4
CVE-2026-6236
MEDIUM
Posts map <= 0.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute
CVSS 6.4
CVE-2026-6041
MEDIUM
Buzz Comments <= 0.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Buzz Avatar' Setting
CVSS 4.4
CVE-2026-5820
MEDIUM
Zypento Blocks <= 1.0.6 - Authenticated (Author+) Stored Cross-Site Scripting via Table of Contents Block
CVSS 6.4
CVE-2026-5767
MEDIUM
SlideShowPro SC <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'album' Shortcode Attribute
CVSS 6.4
CVE-2026-5748
MEDIUM
Text Snippets <= 0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'w' Shortcode Attribute
CVSS 6.4
CVE-2026-4353
MEDIUM
CI HUB Connector <= 1.2.106 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute
CVSS 6.4
CVE-2026-4279
MEDIUM
Bread & Butter: Content Gating for Verified Leads <= 8.2.0.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
Details
Vulnerabilities: 43,790
Exploit Likelihood: High