CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,924 vulnerabilities with CWE-79
CVE-2026-32449
MEDIUM
Themify Event Post <= 1.3.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2026-32448
MEDIUM
Podlove Podcast Publisher <=4.3.3 - XSS
CVSS 6.5
CVE-2026-32431
MEDIUM
Astra Bulk Edit <=1.2.10 - DOM-Based XSS
CVSS 6.5
CVE-2026-32430
MEDIUM
PowerPack Addons for Elementor <=2.9.9 - XSS
CVSS 6.5
CVE-2026-32429
MEDIUM
Magical Addons For Elementor <=1.4.1 - Stored XSS
CVSS 6.5
CVE-2026-32424
MEDIUM
BoldGrid Sprout Clients <=3.2.2 - XSS
CVSS 6.5
CVE-2026-32419
MEDIUM
List category posts <=0.93.1 - DOM-Based XSS
CVSS 5.9
CVE-2026-32411
MEDIUM
Simpma Embed Calendly <= 4.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2026-32403
MEDIUM
Toocheke Companion <=1.194 - DOM-Based XSS
CVSS 6.5
CVE-2026-32361
MEDIUM
Editorial Calendar <=3.9.0 - DOM-Based XSS
CVSS 6.5
CVE-2026-32360
MEDIUM
Rich Showcase for Google Reviews <=6.9.4.3 - Stored XSS
CVSS 5.9
CVE-2026-32359
MEDIUM
bPlugins Icon List Block <=1.2.3 - XSS
CVSS 6.5
CVE-2026-32356
MEDIUM
Robo Gallery <=5.1.2 - DOM-Based XSS
CVSS 6.5
CVE-2026-32352
MEDIUM
Elementor Website Builder <=3.35.5 - DOM-Based XSS
CVSS 6.5
CVE-2026-32351
MEDIUM
PowerPress Podcasting <=11.15.13 - XSS
CVSS 5.9
CVE-2026-32308
HIGH
OneUptime < 10.0.23 - Stored Cross-Site Scripting via Mermaid Diagram Click Directive
CVSS 7.6
CVE-2026-31918
MEDIUM
immonex immonex-kickstart <=1.13.0 - XSS
CVSS 6.5
CVE-2026-22210
MEDIUM
wpDiscuz < 7.6.47 - Cross-Site Scripting via Unescaped Attachment URLs
CVSS 4.4
CVE-2026-22209
MEDIUM
wpDiscuz < 7.6.47 - Authenticated Stored Cross-Site Scripting via Custom CSS Field
CVSS 5.5
CVE-2026-22183
MEDIUM
wpDiscuz < 7.6.47 - Authenticated Stored Cross-Site Scripting in Inline Comment Preview
CVSS 6.1
CVE-2026-0835
MEDIUM
IBM Sterling B2B Integrator 6.1.0.0-6.1.2.7_2 - XSS
CVSS 5.4
CVE-2026-32139
MEDIUM
DataEase < 2.10.20 - Stored Cross-Site Scripting via SVG Upload
CVSS 5.4
CVE-2026-31873
NONE
unjs/unhead < 2.1.11 - Cross-Site Scripting via Case-Insensitive URI Scheme Bypass
CVE-2026-31860
MEDIUM
unjs/unhead < 2.1.11 - Cross-Site Scripting via useHeadSafe() Attribute Injection
CVSS 6.1
CVE-2026-25529
HIGH
Postal < 3.3.5 - Stored Cross-Site Scripting via Admin Interface HTML Injection
CVSS 8.1
Details
Vulnerabilities
44,924
Exploit Likelihood
High