CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,880 vulnerabilities with CWE-79
CVE-2026-4845
MEDIUM
dameng100 muucmf index.html cross site scripting
CVSS 4.3
CVE-2026-4389
MEDIUM
DSGVO snippet for Leaflet Map and its Extensions <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'unset' Attribute
CVSS 6.4
CVE-2026-4329
HIGH
Blackhole for Bad Bots <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header
CVSS 7.2
CVE-2026-4278
MEDIUM
Simple Download Counter <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute
CVSS 6.4
CVE-2026-4335
MEDIUM
ShortPixel Image Optimizer <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title
CVSS 5.4
CVE-2026-4075
MEDIUM
BWL Advanced FAQ Manager Lite <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sbox_id' Shortcode Attribute
CVSS 6.4
CVE-2026-1986
MEDIUM
FloristPress for Woo <= 7.8.2 - Reflected Cross-Site Scripting via 'noresults' Parameter
CVSS 6.1
CVE-2026-4835
LOW
code-projects Accounting System Web Application add_costumer.php cross site scripting
CVSS 3.5
CVE-2026-33933
MEDIUM
Reflected XSS via Unescaped contextName Parameter in Custom Template Editor
CVSS 6.1
CVE-2026-33932
HIGH
OpenEMR has Stored XSS in CCDA Preview via Unsanitized linkHtml Attributes
CVSS 7.6
CVE-2026-33912
MEDIUM
OpenEMR has reflected XSS in ajax_download.php via reportID parameter
CVSS 5.4
CVE-2026-33911
MEDIUM
OpenEMR vulnerable to reflected XSS in graphs.php via title parameter
CVSS 5.4
CVE-2026-33348
HIGH
OpenEMR has Stored XSS in patient encounter Eye Exam form $CHRONIC2 and $CHRONIC3
CVSS 8.7
CVE-2026-2485
MEDIUM
IBM InfoSphere Information Server Cross-Site Scripting
CVSS 4.8
CVE-2026-2483
MEDIUM
IBM InfoSphere Information Server Cross-Site Scripting
CVSS 5.4
CVE-2026-33749
CRITICAL
n8n Vulnerable to XSS via Binary Data Inline HTML Rendering
CVSS 9.0
CVE-2026-1001
MEDIUM
Domoticz < 2026.1 Stored XSS via Hardware Configuration Endpoint
CVSS 4.8
CVE-2026-30587
HIGH
Seafile Server <13.0.17 - Stored XSS
CVSS 8.7
CVE-2026-32545
HIGH
WordPress Taboola Pixel plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-32544
HIGH
WordPress OOPSpam Anti-Spam plugin <= 1.2.62 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-32542
HIGH
WordPress Fusion Builder plugin < 3.15.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-32540
HIGH
WordPress Bookly plugin <= 26.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-32532
HIGH
WordPress Contact Form & Lead Form Elementor Builder plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-32529
HIGH
WordPress Molla theme < 1.5.19 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-32528
HIGH
WordPress Riode | Multi-Purpose WooCommerce theme < 1.6.29 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
Details
Vulnerabilities
44,880
Exploit Likelihood
High