CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,880 vulnerabilities with CWE-79
CVE-2026-30661
MEDIUM
iCMS 8.0.0 - Cross-Site Scripting via regip or loginip Parameters
CVSS 6.1
CVE-2026-33311
MEDIUM
@dicebear/core and @dicebear/initials Vulnerable to SVG Injection via Unsanitized Options
CVSS 4.7
CVE-2026-4754
MEDIUM
CWE-79 in MolotovCherry Android-ImageMagick7
CVSS 6.1
CVE-2026-4626
LOW
projectworlds Lawyer Management System lawyer_booking.php cross site scripting
CVSS 3.5
CVE-2026-4616
LOW
bolo-blog Article Title article cross site scripting
CVSS 2.4
CVE-2026-33170
MEDIUM
Active Support <8.1.2.1 - XSS
CVSS 6.1
CVE-2026-33168
LOW
Rails Action View Tag Helpers - Cross-Site Scripting
CVE-2026-33167
LOW
Action Pack 8.1 - XSS
CVE-2026-32278
HIGH
Connect-CMS 1.x-1.41.0/2.x-2.41.0 - Stored XSS
CVSS 8.2
CVE-2026-32277
HIGH
Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View
CVSS 8.7
CVE-2026-4596
LOW
projectworlds Lawyer Management System 1.0 - XSS
CVSS 3.5
CVE-2026-33548
MEDIUM
MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline
CVSS 6.1
CVE-2026-33517
MEDIUM
MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation
CVSS 6.1
CVE-2026-32852
MEDIUM
MailEnable < 10.55 Reflected XSS via FreeBusy.aspx StartDate Parameter
CVSS 6.1
CVE-2026-32851
MEDIUM
MailEnable < 10.55 - Reflected Cross-Site Scripting via FreeBusy.aspx StartDate Parameter
CVSS 6.1
CVE-2026-32850
MEDIUM
MailEnable < 10.55 Reflected XSS via ManageShares.aspx SelectedIndex Parameter
CVSS 6.1
CVE-2026-4595
LOW
code-projects Exam Form Submission update_s6.php cross site scripting
CVSS 2.4
CVE-2026-33683
MEDIUM
WWBN AVideo <= 26.0 - Stored Cross-Site Scripting via User Profile About Field
CVSS 5.4
CVE-2026-33500
MEDIUM
AVideo Vulnerable to Stored XSS via Markdown `javascript:` URI Bypasses ParsedownSafeWithLinks Sanitization
CVSS 5.4
CVE-2026-33499
MEDIUM
AVideo has Reflected XSS via unlockPassword Parameter in forbiddenPage.php and warningPage.php
CVSS 6.1
CVE-2026-4578
LOW
code-projects Exam Form Submission update_s3.php cross site scripting
CVSS 2.4
CVE-2026-4577
LOW
code-projects Exam Form Submission update_s4.php cross site scripting
CVSS 2.4
CVE-2026-4576
LOW
code-projects Exam Form Submission update_s5.php cross site scripting
CVSS 2.4
CVE-2026-4575
LOW
code-projects Exam Form Submission update_s2.php cross site scripting
CVSS 2.4
CVE-2026-4557
MEDIUM
code-projects Exam Form Submission update_s1.php cross site scripting
CVSS 4.3
Details
Vulnerabilities
44,880
Exploit Likelihood
High