CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,924 vulnerabilities with CWE-79
CVE-2026-25438
HIGH
WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-21788
MEDIUM
HCL Connections 8 - Cross-Site Scripting
CVSS 5.4
CVE-2026-4120
MEDIUM
Info Cards <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes
CVSS 6.4
CVE-2026-4006
MEDIUM
Draft List <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'display_name' Parameter
CVSS 6.4
CVE-2026-28073
HIGH
WordPress WP eMember theme <= v10.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-28044
MEDIUM
WordPress WP Rocket plugin <= 3.19.4 - Cross Site Scripting (XSS) vulnerability
CVSS 5.9
CVE-2026-1238
HIGH
SlimStat Analytics <= 5.3.5 - Unauthenticated Stored Cross-Site Scripting via 'fh'
CVSS 7.2
CVE-2026-1276
MEDIUM
IBM QRadar SIEM Cross-Site Scripting
CVSS 5.4
CVE-2026-32728
HIGH
Parse Server File Uploads - Stored Cross-Site Scripting Filter Bypass
CVSS 7.6
CVE-2026-32722
LOW
Memray-generated HTML reports vulnerable to Stored XSS via unescaped command-line metadata
CVSS 3.6
CVE-2026-32703
CRITICAL
OpenProject's repository files are served with the MIME type allowing them to be used to bypass Content Security Policy
CVSS 9.0
CVE-2026-30048
MEDIUM
NotChatbot WebChat thru 1.4.4 - XSS
CVSS 5.4
CVE-2026-29859
CRITICAL
aaPanel v7.57.0 - Arbitrary File Upload
CVSS 9.8
CVE-2026-30695
MEDIUM
Zucchetti Axess XA4/X3/X3BIO/X4/X7/XIO/i-door/i-door+ - XSS
CVSS 6.1
CVE-2026-3090
HIGH
Post SMTP <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting via 'event_type'
CVSS 7.2
CVE-2026-2512
MEDIUM
Code Embed <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields
CVSS 6.4
CVE-2026-3278
MEDIUM
XSS Vulnerability discovered in OpenText™ ZENworks Service Desk.
CVSS 6.1
CVE-2026-22322
HIGH
Stored Cross‑Site Scripting in Link Aggregation Name Handling
CVSS 7.1
CVE-2026-3512
MEDIUM
Writeprint Stylometry <= 0.1 - Reflected Cross-Site Scripting via 'p' Parameter
CVSS 6.1
CVE-2026-31938
CRITICAL
jsPDF has HTML Injection in New Window paths
CVSS 9.6
CVE-2026-1780
MEDIUM
[CR]Paid Link Manager <= 0.5 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2026-4356
LOW
itsourcecode University Management System add_result.php cross site scripting
CVSS 2.4
CVE-2026-4268
MEDIUM
WP Go Maps (formerly WP Google Maps) <= 10.0.05 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via admin_post_wpgmza_save_settings
CVSS 6.4
CVE-2026-28499
MEDIUM
Vapor LeafKit < 1.14.2 - Collection Value Cross-Site Scripting
CVSS 6.1
CVE-2026-4355
LOW
Portabilis i-Educar Endpoint educar_servidor_curso_lst.php cross site scripting
CVSS 3.5
Details
Vulnerabilities: 44,924
Exploit Likelihood: High