CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,846 vulnerabilities with CWE-79
CVE-2026-27246
CRITICAL
Adobe Connect | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVSS 9.3
CVE-2026-27245
CRITICAL
Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79)
CVSS 9.3
CVE-2026-27243
CRITICAL
Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79)
CVSS 9.3
CVE-2026-24907
MEDIUM
October CMS has Stored XSS via Event Log Mail Preview
CVSS 5.4
CVE-2026-24906
MEDIUM
October CMS has Stored XSS in its Backend Editor Markup Classes
CVSS 5.4
CVE-2026-21331
MEDIUM
Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79)
CVSS 6.1
CVE-2026-20945
MEDIUM
Microsoft SharePoint Server Spoofing Vulnerability
CVSS 4.6
CVE-2026-39812
MEDIUM
FortiSandbox 4.2-5.0.5 - Cross-Site Scripting
CVSS 4.8
CVE-2026-22154
MEDIUM
FortiSOAR 7.3-7.6.3 - Authenticated Stored Cross-Site Scripting via HTTP Requests
CVSS 4.6
CVE-2026-4914
MEDIUM
Ivanti Neurons for ITSM < 2025.4 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2026-4369
HIGH
Autodesk Fusion < 2702.1.47 - Assembly Variant Stored Cross-Site Scripting
CVSS 7.1
CVE-2026-4345
HIGH
Autodesk Fusion >=2606.0 <2702.1.47 - Stored Cross-Site Scripting via Design Name in CSV Export
CVSS 7.1
CVE-2026-4344
HIGH
Autodesk Fusion < 2702.1.47 - Component Name Stored Cross-Site Scripting
CVSS 7.1
CVE-2026-37980
MEDIUM
Org.keycloak.forms.login: keycloak: keycloak: arbitrary code execution via stored cross-site scripting (xss) in organization selection login page
CVSS 6.9
CVE-2026-4479
MEDIUM
WholeSale Products Dynamic Pricing Management WooCommerce <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings
CVSS 4.4
CVE-2026-4059
MEDIUM
ShopLentor <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute
CVSS 6.4
CVE-2026-1607
MEDIUM
Surbma | Booking.com <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS 6.4
CVE-2026-4388
HIGH
Form Maker by 10Web <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box
CVSS 7.2
CVE-2026-39426
MEDIUM
MaxKB: Stored XSS via Unsanitized iframe_render Parsing
CVSS 5.4
CVE-2026-39423
MEDIUM
Stored XSS via Eval Injection in EchartsRander Component
CVSS 5.4
CVE-2026-39422
MEDIUM
MaxKB has Stored XSS via ChatHeadersMiddleware
CVSS 5.4
CVE-2026-27683
MEDIUM
Reflected cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform
CVSS 4.1
CVE-2026-0512
MEDIUM
Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog)
CVSS 6.1
CVE-2026-6218
MEDIUM
aandrew-me ytDownloader Error Details Panel createTextNode cross site scripting
CVSS 4.3
CVE-2026-6216
LOW
DbGate SVG Icon String FontIcon.svelte cross site scripting
CVSS 3.5
Details
Vulnerabilities
44,846
Exploit Likelihood
High