CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,928 vulnerabilities with CWE-79
CVE-2026-31868
MEDIUM
Parse Server <9.6.0-alpha.4/8.6.30 - XSS
CVSS 6.1
CVE-2026-31859
MEDIUM
Craft CMS 4.15.3-4.17.3 - Reflected Cross-Site Scripting via Unsanitized Return URL
CVSS 6.1
CVE-2026-30235
MEDIUM
OpenProject <17.2.0 - DOM Clobbering
CVSS 6.5
CVE-2026-20162
MEDIUM
Splunk Enterprise <10.2.0 - Stored XSS
CVSS 6.3
CVE-2026-20117
MEDIUM
Cisco Unified Contact Center Express - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2026-20116
MEDIUM
Cisco Finesse/Packaged CCE/Unified CCE/Unified CCX/Unified Intellig...
CVSS 6.1
CVE-2026-1090
HIGH
GitLab 10.6-18.7.5, 18.8-18.8.5, 18.9-18.9.1 - Stored XSS via Markdown Injection
CVSS 8.7
CVE-2026-3946
LOW
PHPEMS 11.0 - Cross-Site Scripting via askcontent Parameter
CVSS 3.5
CVE-2026-3178
HIGH
Name Directory Plugin <1.32.1 - XSS
CVSS 7.2
CVE-2026-3492
MEDIUM
Gravity Forms <2.9.28.1 - Stored XSS
CVSS 6.4
CVE-2026-3231
HIGH
Checkout Field Editor for WooCommerce <=2.1.7 - XSS
CVSS 7.2
CVE-2026-1454
HIGH
Responsive Contact Form Builder & Lead Generation Plugin <=2.0.1 - XSS
CVSS 7.2
CVE-2026-3825
MEDIUM
WellChoose Organization Portal System < iftop_p4_181 - Authenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2026-3534
MEDIUM
Astra <= 4.12.3 - Authenticated Stored Cross-Site Scripting via Post Meta Fields
CVSS 6.4
CVE-2026-3884
MEDIUM
spin.js < 3.0.0 - Cross-Site Scripting via Prototype Pollution in spin() Function
CVSS 6.1
CVE-2026-2707
MEDIUM
weForms < 1.6.27 - Authenticated Stored Cross-Site Scripting via REST API Entry Submission
CVSS 6.4
CVE-2026-2466
HIGH
DukaPress WordPress Plugin <3.2.4 - XSS
CVSS 7.1
CVE-2026-2358
MEDIUM
WP ULike Plugin <5.0.1 - Stored XSS
CVSS 6.4
CVE-2026-21361
HIGH
Adobe Commerce <=2.4.9-alpha3 - XSS
CVSS 8.1
CVE-2026-21311
HIGH
Adobe Commerce <=2.4.9-alpha3 - Stored XSS
CVSS 8.0
CVE-2026-21292
MEDIUM
Adobe Commerce <=2.4.9-alpha3 - XSS
CVSS 5.4
CVE-2026-21291
MEDIUM
Adobe Commerce <=2.4.9-alpha3 - Stored XSS
CVSS 4.8
CVE-2026-21290
HIGH
Adobe Commerce <=2.4.9-alpha3 - Stored XSS
CVSS 8.7
CVE-2026-21284
HIGH
Adobe Commerce <=2.4.9-alpha3 - Stored XSS
CVSS 8.1
CVE-2026-27266
MEDIUM
Adobe Experience Manager <6.5.23 - XSS
CVSS 5.4
Details
Vulnerabilities
44,928
Exploit Likelihood
High