CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
43,800 vulnerabilities with CWE-79
CVE-2026-41061
MEDIUM
WWBN AVideo Vulnerable to stored XSS via Unanchored Duration Regex in Video Encoder Receiver
CVSS 5.4
CVE-2026-40927
MEDIUM
Docmost: XSS in Comments with JavaScript URI
CVSS 5.4
CVE-2026-40878
LOW
mailcow-dockerized Login Page has Reflected Parameter Injection / Wrong-Context XSS Escaping
CVE-2026-40875
HIGH
mailcow: dockerized vulnerable to stored XSS in user login history real_rip
CVE-2026-40873
HIGH
mailcow: dockerized vulnerable to stored XSS in Quarantine attachment filenames
CVE-2026-40872
CRITICAL
mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field
CVE-2026-6745
LOW
Bagisto Custom Scripts cross site scripting
CVSS 3.5
CVE-2026-41456
MEDIUM
Bludit CMS Reflected XSS via Search Plugin
CVE-2026-6743
LOW
WebSystems WebTOTUM Calendar cross site scripting
CVSS 3.5
CVE-2026-40568
HIGH
FreeScout Vulnerable to XSS via Mailbox Signature Due to Incomplete HTML Sanitization
CVSS 8.5
CVE-2026-35451
MEDIUM
Twenty: Stored XSS via BlockNote FileBlock
CVSS 5.7
CVE-2026-27937
LOW
October: Reflected XSS via DataTable Form Widget
CVSS 3.1
CVE-2026-40565
MEDIUM
FreeScout has Stored XSS / CSS Injection via linkify() — Unescaped URL in Anchor href
CVSS 6.1
CVE-2026-31013
MEDIUM
Dovestones Softwares ADPhonebook <4.0.1.1 - XSS
CVSS 6.1
CVE-2026-6779
MEDIUM
Other issue in the JavaScript Engine component
CVSS 5.3
CVE-2026-3317
MEDIUM
Reflected Cross-Site Scripting in Navigate CMS application
CVE-2026-6712
MEDIUM
Website LLMs.txt <= 8.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting
CVSS 4.4
CVE-2026-6711
MEDIUM
Website LLMs.txt <= 8.2.6 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2026-40497
HIGH
FreeScout Vulnerable to CSS Injection via Stored Style Tag in Mailbox Signature (CSRF Token Exfiltration)
CVSS 8.1
CVE-2026-5721
MEDIUM
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 6.5.0.4 - Unauthenticated Stored Cross-Site Scripting via CSV/Excel Data Import
CVSS 4.7
CVE-2026-4852
MEDIUM
Image Source Control Lite – Show Image Credits and Captions <= 3.9.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'Image Source' Field
CVSS 6.4
CVE-2026-39112
MEDIUM
Apartment Visitors Management System V1.1 - XSS
CVSS 5.4
CVE-2026-23758
MEDIUM
GFI HelpDesk < 4.99.9 Stored XSS via editsubject Parameter
CVSS 5.4
CVE-2026-23757
MEDIUM
GFI HelpDesk < 4.99.10 Stored XSS via Reports Module
CVSS 5.4
CVE-2026-23756
MEDIUM
GFI HelpDesk < 4.99.9 Stored XSS via Troubleshooter Step Subject
CVSS 5.4
Details
Vulnerabilities: 43,800
Exploit Likelihood: High