CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,819 vulnerabilities with CWE-79
CVE-2026-6779
MEDIUM
Mozilla Firefox and Thunderbird 150 - JavaScript Engine Memory Safety Issue
CVSS 5.3
CVE-2026-3317
MEDIUM
Reflected Cross-Site Scripting in Navigate CMS application
CVE-2026-6712
MEDIUM
Website LLMs.txt <= 8.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting
CVSS 4.4
CVE-2026-6711
MEDIUM
Website LLMs.txt <= 8.2.6 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2026-40497
HIGH
FreeScout Vulnerable to CSS Injection via Stored Style Tag in Mailbox Signature (CSRF Token Exfiltration)
CVSS 8.1
CVE-2026-5721
MEDIUM
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 6.5.0.4 - Unauthenticated Stored Cross-Site Scripting via CSV/Excel Data Import
CVSS 4.7
CVE-2026-4852
MEDIUM
Image Source Control Lite – Show Image Credits and Captions <= 3.9.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'Image Source' Field
CVSS 6.4
CVE-2026-39112
MEDIUM
Apartment Visitors Management System V1.1 - XSS
CVSS 5.4
CVE-2026-23758
MEDIUM
GFI HelpDesk < 4.99.9 Stored XSS via editsubject Parameter
CVSS 5.4
CVE-2026-23757
MEDIUM
GFI HelpDesk < 4.99.10 Stored XSS via Reports Module
CVSS 5.4
CVE-2026-23756
MEDIUM
GFI HelpDesk < 4.99.9 Stored XSS via Troubleshooter Step Subject
CVSS 5.4
CVE-2026-23753
MEDIUM
GFI HelpDesk < 4.99.9 Stored XSS via charset Parameter
CVSS 4.8
CVE-2026-23752
MEDIUM
GFI HelpDesk < 4.99.9 Stored XSS via companyname Parameter
CVSS 4.8
CVE-2026-6651
LOW
erponline.xyz ERP Online Inventory Edit Item cross site scripting
CVSS 2.4
CVE-2026-34429
MEDIUM
Vvveb < 1.0.8.1 Stored XSS via Media Upload and Rename
CVSS 5.4
CVE-2026-6648
LOW
Qibo CMS Internal Message cross site scripting
CVSS 3.5
CVE-2026-6633
LOW
Yifang CMS Extended Management L_rbac_admin.php store cross site scripting
CVSS 3.5
CVE-2026-6624
LOW
BichitroGan ISP Billing Software Pool List add cross site scripting
CVSS 2.4
CVE-2026-6623
LOW
BichitroGan ISP Billing Software Profile users-view cross site scripting
CVSS 2.4
CVE-2026-6622
LOW
BichitroGan ISP Billing Software Customer edit cross site scripting
CVSS 2.4
CVE-2026-6619
LOW
langgenius dify ImagePreview image-preview.tsx openInNewTab cross site scripting
CVSS 3.5
CVE-2026-6600
LOW
langflow-ai langflow Frontend React Component Rendering edit-message.tsx cross site scripting
CVSS 3.5
CVE-2026-32963
MEDIUM
SD-330AC and AMC Manager - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2026-6593
LOW
ComfyUI View Endpoint server.py cross site scripting
CVSS 3.5
CVE-2026-6592
LOW
ComfyUI userdata Endpoint user_manager.py getuserdata cross site scripting
CVSS 3.5
Details
Vulnerabilities
44,819
Exploit Likelihood
High