CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,894 vulnerabilities with CWE-79
CVE-2026-33548
MEDIUM
MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline
CVSS 6.1
CVE-2026-33517
MEDIUM
MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation
CVSS 6.1
CVE-2026-32852
MEDIUM
MailEnable < 10.55 Reflected XSS via FreeBusy.aspx StartDate Parameter
CVSS 6.1
CVE-2026-32851
MEDIUM
MailEnable < 10.55 - Reflected Cross-Site Scripting via FreeBusy.aspx StartDate Parameter
CVSS 6.1
CVE-2026-32850
MEDIUM
MailEnable < 10.55 Reflected XSS via ManageShares.aspx SelectedIndex Parameter
CVSS 6.1
CVE-2026-4595
LOW
code-projects Exam Form Submission update_s6.php cross site scripting
CVSS 2.4
CVE-2026-33683
MEDIUM
WWBN AVideo <= 26.0 - Stored Cross-Site Scripting via User Profile About Field
CVSS 5.4
CVE-2026-33500
MEDIUM
AVideo Vulnerable to Stored XSS via Markdown `javascript:` URI Bypasses ParsedownSafeWithLinks Sanitization
CVSS 5.4
CVE-2026-33499
MEDIUM
AVideo has Reflected XSS via unlockPassword Parameter in forbiddenPage.php and warningPage.php
CVSS 6.1
CVE-2026-4578
LOW
code-projects Exam Form Submission update_s3.php cross site scripting
CVSS 2.4
CVE-2026-4577
LOW
code-projects Exam Form Submission update_s4.php cross site scripting
CVSS 2.4
CVE-2026-4576
LOW
code-projects Exam Form Submission update_s5.php cross site scripting
CVSS 2.4
CVE-2026-4575
LOW
code-projects Exam Form Submission update_s2.php cross site scripting
CVSS 2.4
CVE-2026-4557
MEDIUM
code-projects Exam Form Submission update_s1.php cross site scripting
CVSS 4.3
CVE-2026-33295
MEDIUM
AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php
CVSS 5.4
CVE-2026-4544
LOW
Wavlink WL-WN578W2 POST Request login.cgi cross site scripting
CVSS 2.4
CVE-2026-3427
MEDIUM
Yoast SEO <= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonText' Block Attribute
CVSS 6.4
CVE-2026-4510
MEDIUM
PbootCMS Parameter MemberController.php alert_location cross site scripting
CVSS 4.3
CVE-2026-4161
MEDIUM
Review Map by RevuKangaroo <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings
CVSS 4.4
CVE-2026-4086
MEDIUM
WP Random Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'cat' Shortcode Attribute
CVSS 6.4
CVE-2026-4084
MEDIUM
fyyd podcast shortcodes <= 0.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute
CVSS 6.4
CVE-2026-4077
MEDIUM
Ecover Builder For Dummies <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute
CVSS 6.4
CVE-2026-4072
MEDIUM
WordPress PayPal Donation <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' Shortcode Attribute
CVSS 6.4
CVE-2026-4069
MEDIUM
Alfie – Feed Plugin <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'naam' Parameter
CVSS 6.1
CVE-2026-4067
MEDIUM
Ad Short <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'client' Shortcode Attribute
CVSS 6.4
Details
Vulnerabilities
44,894
Exploit Likelihood
High