CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,846 vulnerabilities with CWE-79
CVE-2026-20059 MEDIUM
Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability
CVSS 6.1
CVE-2026-40734 MEDIUM
WordPress Categories Images plugin <= 3.3.1 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-5717 MEDIUM
VI: Include Post By <= 0.4.200706 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class_container' Shortcode Attribute
CVSS 6.4
CVE-2026-5694 HIGH
Quick Interest Slider <= 3.1.5 - Unauthenticated Stored Cross-Site Scripting
CVSS 7.2
CVE-2026-4011 MEDIUM
Power Charts <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute
CVSS 6.4
CVE-2026-4005 MEDIUM
Coachific Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'userhash' Shortcode Attribute
CVSS 6.4
CVE-2026-3998 MEDIUM
WM JqMath <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style' Shortcode Attribute
CVSS 6.4
CVE-2026-3659 MEDIUM
WP Circliful <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute
CVSS 6.4
CVE-2026-3643 HIGH
WordPress Accessibly <= 3.0.3 - Unauthenticated Stored Cross-Site Scripting
CVSS 7.2
CVE-2026-5160 MEDIUM
github.com/yuin/goldmark/renderer/html < 1.7.17 - Cross-Site Scripting via HTML Entity Encoding Bypass
CVSS 6.1
CVE-2026-26291 MEDIUM
GROWI <= v7.4.6 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2026-40096 MEDIUM
immich: Open Redirect via Shared Album name
CVSS 5.4
CVE-2026-2834 HIGH
Age Verification & Identity Verification by Token of Trust <= 3.32.3 - Unauthenticated Stored Cross-Site Scripting via 'description' Parameter
CVSS 7.2
CVE-2026-2396 MEDIUM
List View Google Calendar <= 7.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Event Description
CVSS 4.4
CVE-2026-34212 MEDIUM
Docmost page content has stored XSS via unsanitized attachment URLs
CVSS 5.4
CVE-2026-33193 MEDIUM
Docmost vulnerable to stored XSS via MIME type spoofing
CVSS 4.6
CVE-2026-34161 MEDIUM
Chamilo LMS: Stored XSS via Malicious File Upload in Social Post Attachments Leads to Arbitrary JavaScript Execution
CVSS 5.4
CVE-2026-25133 MEDIUM
October CMS has Stored XSS via SVG Filter Bypass
CVSS 4.8
CVE-2026-34625 MEDIUM
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVSS 5.4
CVE-2026-34624 MEDIUM
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVSS 5.4
CVE-2026-34623 MEDIUM
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVSS 5.4
CVE-2026-34617 HIGH
Adobe Connect | Cross-site Scripting (XSS) (CWE-79)
CVSS 8.7
CVE-2026-34614 MEDIUM
Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79)
CVSS 6.1
CVE-2026-32196 MEDIUM
Windows Admin Center Spoofing Vulnerability
CVSS 6.1
CVE-2026-27288 MEDIUM
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVSS 5.4
Details
Vulnerabilities 44,846
Exploit Likelihood High