CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,858 vulnerabilities with CWE-79
CVE-2026-5835
LOW
code-projects Online Shoe Store admin_football.php cross site scripting
CVSS 2.4
CVE-2026-5834
LOW
code-projects Online Shoe Store admin_running.php cross site scripting
CVSS 2.4
CVE-2026-5357
MEDIUM
Download Manager <= 3.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-4429
MEDIUM
OSM <= 6.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marker_name' Shortcode Attribute
CVSS 6.4
CVE-2026-3574
MEDIUM
Experto Dashboard for WooCommerce <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Navigation Font Size' Setting
CVSS 4.4
CVE-2026-5826
MEDIUM
code-projects Simple IT Discussion Forum edit-category.php cross site scripting
CVSS 4.3
CVE-2026-5825
MEDIUM
code-projects Simple Laundry System delmemberinfo.php cross site scripting
CVSS 4.3
CVE-2026-4332
MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
CVSS 5.4
CVE-2026-3438
MEDIUM
Nexus Repository 3 - Reflected Cross-Site Scripting (XSS) in ?describe Pages
CVE-2026-5810
LOW
SourceCodester Sales and Inventory System GET Parameter delete.php cross site scripting
CVSS 3.5
CVE-2026-5808
MEDIUM
openstatusHQ openstatus Onboarding Endpoint client.tsx cross site scripting
CVSS 4.3
CVE-2026-5806
LOW
code-projects Easy Blog Site update.php cross site scripting
CVSS 3.5
CVE-2026-5711
MEDIUM
Post Blocks & Tools <= 1.3.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'sliderStyle' Block Attribute
CVSS 6.4
CVE-2026-40028
MEDIUM
Hayabusa < 3.8.0 XSS via JSON Log Import
CVSS 5.4
CVE-2026-5451
MEDIUM
Extensions for Leaflet Map <= 4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'elevation-track' Shortcode
CVSS 6.4
CVE-2026-39416
MEDIUM
Stored XSS in modal item preview for long item content in AIL Framework
CVSS 6.1
CVE-2026-35455
HIGH
immich has Stored XSS via OCR Text in 360° Panorama Viewer
CVSS 7.3
CVE-2026-35403
MEDIUM
LORIS has potential cross-site scripting in survey_accounts module
CVSS 6.5
CVE-2026-35169
HIGH
LORIS has potential cross-site scripting in help_editor module
CVSS 8.7
CVE-2026-39392
MEDIUM
CI4MS has Stored XSS in Pages Content Due to Missing html_purify Sanitization
CVSS 5.5
CVE-2026-39391
MEDIUM
CI4MS has Stored XSS via Unescaped Blacklist Note in Admin User List
CVSS 4.8
CVE-2026-39390
MEDIUM
CI4MS has Stored XSS via srcdoc attribute bypass in Google Maps iframe setting
CVSS 5.5
CVE-2026-2509
MEDIUM
Page Builder: Pagelayer <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes
CVSS 6.4
CVE-2026-5301
HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in coolercontrol-ui
CVSS 7.6
CVE-2026-2481
MEDIUM
Beaver Builder Page Builder – Drag and Drop Website Builder <= 2.10.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'settings[js]'
CVSS 6.4
Details
Vulnerabilities: 44,858
Exploit Likelihood: High