CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,734 vulnerabilities with CWE-79
CVE-2026-45481
HIGH
Microsoft SharePoint Server Spoofing Vulnerability
CVSS 7.3
CVE-2026-45479
MEDIUM
Microsoft SharePoint Server Spoofing Vulnerability
CVSS 4.6
CVE-2026-45468
MEDIUM
Microsoft SharePoint Server Spoofing Vulnerability
CVSS 4.6
CVE-2026-45467
MEDIUM
Microsoft SharePoint Server Spoofing Vulnerability
CVSS 4.6
CVE-2026-45465
MEDIUM
Microsoft SharePoint Server Spoofing Vulnerability
CVSS 5.4
CVE-2026-45464
MEDIUM
Microsoft SharePoint Server Spoofing Vulnerability
CVSS 5.4
CVE-2026-45462
MEDIUM
Microsoft SharePoint Server Spoofing Vulnerability
CVSS 4.6
CVE-2026-45453
MEDIUM
Microsoft SharePoint Server Spoofing Vulnerability
CVSS 5.4
CVE-2026-42599
MEDIUM
Cross-site scripting via spread attributes in Svelte SSR
CVSS 6.1
CVE-2026-42573
MEDIUM
Svelte: XSS via DOM Clobbering of Internal Framework State
CVSS 6.1
CVE-2026-41098
HIGH
Azure Stack Edge Spoofing Vulnerability
CVSS 8.4
CVE-2026-34692
MEDIUM
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVSS 5.4
CVE-2026-33113
MEDIUM
Microsoft SharePoint Server Spoofing Vulnerability
CVSS 5.4
CVE-2026-47901
MEDIUM
Iframe escape by plugins in Logseq
CVE-2026-47900
MEDIUM
Stored XSS via Unsanitized Plugin Metadata in Logseq
CVE-2026-47348
MEDIUM
TYPO3 CMS - Cross-Site Scripting in Indexed Search
CVE-2026-41031
HIGH
A Stored Cross-Site Scripting (XSS) vulnerability occurs in Vinna Process Monitor
CVSS 8.7
CVE-2026-8677
MEDIUM
Prime Elementor Addons <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget HTML Tag Settings
CVSS 6.4
CVE-2026-8599
MEDIUM
MailerPress <= 2.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via Campaign HTML Content Field
CVSS 6.4
CVE-2026-34033
MEDIUM
Apache Answer: HTML Content Injection in Email
CVSS 5.4
CVE-2026-8981
LOW
Lazy Blocks < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML
CVSS 3.5
CVE-2026-41539
MEDIUM
QNAP Systems - QTS, QuTS Hero
CVSS 6.1
CVE-2026-8977
MEDIUM
WP GDPR Cookie Consent <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'ninja_gdpr_ajax_actions' AJAX Action
CVSS 6.4
CVE-2026-8895
MEDIUM
kk blog card <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8883
MEDIUM
Global Body Mass Index Calculator <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
Details
Vulnerabilities
44,734
Exploit Likelihood
High