CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,867 vulnerabilities with CWE-79
CVE-2026-39332
HIGH
ChurchCRM has Reflected Cross-Site Scripting (XSS) in GeoPage.php
CVSS 8.7
CVE-2026-39328
HIGH
ChurchCRM has Stored XSS in Social Profile Fields
CVSS 8.9
CVE-2026-35576
HIGH
ChurchCRM has Stored Cross-Site Scripting (XSS) in Person Properties via PrintView.php
CVSS 8.7
CVE-2026-35575
HIGH
ChurchCRM has Stored XSS in Group Name
CVSS 8.0
CVE-2026-35608
MEDIUM
QuickDrop has stored XSS in SVG file preview endpoint allowing JavaScript execution
CVSS 6.1
CVE-2026-35574
HIGH
ChurchCRM <6.5.3 Person Profile Notes - Stored Cross-Site Scripting
CVSS 7.3
CVE-2026-35571
MEDIUM
Emissary has Stored XSS via Navigation Template Link Injection
CVSS 4.8
CVE-2026-35534
HIGH
ChurchCRM has Stored XSS in PersonView.php via Facebook Field Attribute Injection
CVSS 7.6
CVE-2026-35460
MEDIUM
Papra <26.4.0 Transactional Emails - HTML Injection
CVSS 4.3
CVE-2026-3466
MEDIUM
Cross-site scripting in dashlet title
CVSS 5.4
CVE-2026-33865
MEDIUM
Stored XSS via unsafe YAML parsing in MLflow
CVSS 5.4
CVE-2026-4420
MEDIUM
Stored XSS via Page Creating functionality in Bludit
CVSS 5.4
CVE-2026-5705
MEDIUM
code-projects Online Hotel Booking Booking Endpoint booknow.php cross site scripting
CVSS 4.3
CVE-2026-22675
MEDIUM
OCS Inventory NG Server Stored XSS via User-Agent
CVSS 5.4
CVE-2026-35399
MEDIUM
WeGIA has Stored XSS in backup file names
CVSS 6.1
CVE-2026-35390
MEDIUM
Content-Security-Policy was set to Report-Only mode, failing to block XSS attacks
CVSS 5.4
CVE-2026-35208
MEDIUM
lichess.org Stream Titles - HTML Injection
CVSS 5.4
CVE-2026-5671
MEDIUM
Cyber-III Student-Management-System Class Schedule Deletion Endpoint delete_batch.php cross site scripting
CVSS 4.3
CVE-2026-35166
MEDIUM
Hugo does not properly escape some Markdown links
CVSS 5.4
CVE-2026-35052
CRITICAL
D-Tale affected by Remote Code Execution through redis/shelf storage
CVSS 9.8
CVE-2026-35046
MEDIUM
Tandoor Recipes <2.6.4 Recipe Instructions - Stored CSS Injection
CVSS 5.4
CVE-2026-5668
LOW
Cyber-III Student-Management-System add%20notice.php cross site scripting
CVSS 2.4
CVE-2026-35035
HIGH
CI4MS < 0.31.2.0 - Stored DOM XSS on Public-Facing Company Information Page
CVSS 7.2
CVE-2026-34989
CRITICAL
CI4MS <31.0.0.0 Profile Names - Stored Cross-Site Scripting
CVSS 9.0
CVE-2026-31313
MEDIUM
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting in Content Field
CVSS 5.4
Details
Vulnerabilities: 44,867
Exploit Likelihood: High