CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,869 vulnerabilities with CWE-79
CVE-2026-30567
MEDIUM
SourceCodester Inventory System 1.0 - XSS
CVSS 6.1
CVE-2026-30571
MEDIUM
SourceCodester Inventory System 1.0 - XSS
CVSS 6.1
CVE-2026-30570
MEDIUM
SourceCodester Inventory System 1.0 - XSS
CVSS 6.1
CVE-2026-30569
MEDIUM
SourceCodester Inventory System 1.0 - XSS
CVSS 6.1
CVE-2026-30527
MEDIUM
SourceCodester Online Food Ordering System 1.0 - XSS
CVSS 5.4
CVE-2026-5026
MEDIUM
Langflow - Stored XSS via Malicious SVG Upload
CVSS 5.4
CVE-2026-5010
MEDIUM
Reflected Cross-Site Scripting (XSS) in Sanoma’s Clickedu
CVE-2026-33758
MEDIUM
OpenBao has Reflected XSS in its OIDC authentication error message
CVSS 6.1
CVE-2026-32859
MEDIUM
ByteDance DeerFlow Stored XSS via Inline Artifact Rendering
CVSS 5.4
CVE-2026-25100
MEDIUM
Stored XSS via SVG File Upload in Bludit
CVSS 5.4
CVE-2026-3457
HIGH
Thales Sentinel LDK Runtime < 10.22 - Stored Cross-Site Scripting
CVE-2026-33559
MEDIUM
OpenStreetMap < 6.1.15 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2026-4909
LOW
code-projects Exam Form Submission update_s7.php cross site scripting
CVSS 2.4
CVE-2026-4899
LOW
code-projects Online Food Ordering System food.php cross site scripting
CVSS 2.4
CVE-2026-4898
MEDIUM
code-projects Online Food Ordering System contact.php cross site scripting
CVSS 4.3
CVE-2026-33673
HIGH
PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables
CVSS 7.6
CVE-2026-33664
HIGH
Kestra Vulnerable to Stored Cross-Site Scripting via Flow YAML Fields
CVSS 7.3
CVE-2026-33653
MEDIUM
Uploady Vulnerable to Stored Cross-Site Scripting (XSS)
CVSS 4.6
CVE-2026-3529
MEDIUM
Google Analytics GA4 - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-024
CVSS 6.1
CVE-2026-3528
MEDIUM
Calculation Fields - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-023
CVSS 6.1
CVE-2026-33742
MEDIUM
Invoice Ninja has Stored XSS via Markdown HTML Injection in Product Notes
CVSS 5.4
CVE-2026-33738
MEDIUM
Lychee Vulnerable to Stored XSS via Photo Description in RSS/Atom/JSON Feed (No Sanitization on Public Endpoint)
CVSS 5.4
CVE-2026-33628
MEDIUM
Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items
CVSS 5.4
CVE-2026-33525
MEDIUM
Authelia: Improper Neutralization of Input During Web Page Generation Leads to Potential Cross-site Scripting
CVSS 6.1
CVE-2026-29969
MEDIUM
staffwiki 7.0.1.19219 - Cross-Site Scripting via wff_cols_pref.css.aspx Endpoint
CVSS 6.1
Details
Vulnerabilities
44,869
Exploit Likelihood
High