CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,867 vulnerabilities with CWE-79
CVE-2026-34951
MEDIUM
Reflected XSS in footer.php in Workbench Allows Attackers to Hijack Authenticated Sessions
CVSS 6.1
CVE-2026-33405
LOW
Pi-hole Web 6.0-6.4.1 queries.js - Stored HTML Injection
CVSS 3.1
CVE-2026-31354
MEDIUM
Feehi CMS 2.1.1 - Authenticated Stored XSS
CVSS 5.4
CVE-2026-31353
MEDIUM
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting via Category Name Parameter
CVSS 5.4
CVE-2026-31352
MEDIUM
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting via Role Name Parameter
CVSS 5.4
CVE-2026-31351
MEDIUM
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting via Title Parameter
CVSS 4.8
CVE-2026-31350
MEDIUM
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting via Page Sign Parameter
CVSS 5.4
CVE-2026-34897
MEDIUM
WordPress Media LIbrary Assistant plugin <= 3.34 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-33406
MEDIUM
Pi-hole Web 6.0-6.4.1 Settings - HTML Attribute Injection
CVSS 5.4
CVE-2026-33404
LOW
Pi-hole Web 6.0-6.4.1 Network Dashboard - Stored HTML Injection
CVSS 3.4
CVE-2026-33403
MEDIUM
Pi-hole Web 6.0-6.4.1 taillog.js - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2026-31153
MEDIUM
Bynder v0.1.394 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2026-26027
HIGH
GLPI 11.0.0-11.0.5 Inventory - Unauthenticated Stored Cross-Site Scripting
CVSS 7.5
CVE-2026-25932
HIGH
GLPI has Stored XSS in Supplier 'Website' field
CVSS 7.2
CVE-2026-5647
LOW
code-projects Online Shoe Store Add Product admin_feature.php cross site scripting
CVSS 2.4
CVE-2026-5644
LOW
Cyber-III Student-Management-System batch-notice.php cross site scripting
CVSS 2.4
CVE-2026-5643
LOW
Cyber-III Student-Management-System Admin Add Endpoint notice.php cross site scripting
CVSS 2.4
CVE-2026-5630
MEDIUM
assafelovic gpt-researcher Report API app.py cross site scripting
CVSS 4.3
CVE-2026-5625
MEDIUM
assafelovic gpt-researcher WebSocket researcher.py cross site scripting
CVSS 4.3
CVE-2026-5615
MEDIUM
givanz Vvvebjs File Upload Endpoint upload.php cross site scripting
CVSS 4.3
CVE-2026-5568
LOW
Akaunting Invoice/Billing cross site scripting
CVSS 3.5
CVE-2026-5542
MEDIUM
code-projects Simple Laundry System Parameter modstaffinfo.php cross site scripting
CVSS 4.3
CVE-2026-5541
MEDIUM
code-projects Simple Laundry System Parameter modmemberinfo.php cross site scripting
CVSS 4.3
CVE-2026-5539
MEDIUM
code-projects Simple Laundry System Parameter modifymember.php cross site scripting
CVSS 4.3
CVE-2026-5533
MEDIUM
badlogic pi-mono SVG Artifact SvgArtifact.ts cross site scripting
CVSS 4.3
Details
Vulnerabilities
44,867
Exploit Likelihood
High