CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,930 vulnerabilities with CWE-79
CVE-2026-29048
MEDIUM
HumHub 1.18.0 - Stored Cross-Site Scripting in Button Component
CVSS 6.1
CVE-2026-29038
MEDIUM
changedetection.io < 0.54.4 - Reflected Cross-Site Scripting via RSS Tag Endpoint
CVSS 6.1
CVE-2026-28683
HIGH
Gokapi < 2.2.3 - Authenticated Stored Cross-Site Scripting via SVG Hotlink
CVSS 8.7
CVE-2026-28509
MEDIUM
langbot < 4.8.7 - Cross-Site Scripting via rehypeRaw HTML Rendering
CVSS 6.3
CVE-2026-27605
MEDIUM
Chartbrew < 4.8.4 - Unauthenticated Arbitrary File Upload and Stored Cross-Site Scripting via Project Logo Upload
CVSS 6.3
CVE-2026-3610
MEDIUM
HSC Cybersecurity Mailinspector <5.3.2-3 - XSS
CVSS 4.3
CVE-2026-2593
MEDIUM
Greenshift Plugin <12.8.5 - Stored XSS
CVSS 6.4
CVE-2026-28436
HIGH
frappe < 15.102.0 - Stored Cross-Site Scripting via Avatar Image URL
CVSS 7.2
CVE-2026-28405
HIGH
markusproject/markus < 2.9.1 - Stored Cross-Site Scripting via HTML Content Rendering
CVSS 8.0
CVE-2026-28343
MEDIUM
CKEditor5 29.0.0-47.6.0 - Cross-Site Scripting via General HTML Support Feature
CVSS 6.4
CVE-2026-28223
MEDIUM
Wagtail <6.3.8/7.0.6/7.2.3/7.3.1 - XSS
CVSS 6.1
CVE-2026-28222
MEDIUM
Wagtail <6.3.8/7.0.6/7.2.3/7.3.1 - XSS
CVSS 6.1
CVE-2026-26276
HIGH
Gogs < 0.14.2 - Stored Cross-Site Scripting via Milestone Name
CVSS 7.3
CVE-2026-26195
MEDIUM
Gogs < 0.14.2 - Stored Cross-Site Scripting via Unsafe Template Rendering
CVSS 6.1
CVE-2026-26022
HIGH
Gogs < 0.14.2 - Authenticated Stored Cross-Site Scripting via Data URI in Comments and Issues
CVSS 8.7
CVE-2026-26377
MEDIUM
Koha < 25.11.00 - Cross-Site Scripting via News Function
CVSS 5.4
CVE-2026-29052
MEDIUM
HumHub Calendar <1.8.11 - Stored XSS
CVSS 6.1
CVE-2026-28137
HIGH
MediCenter - Health Medical Clinic <=14.9 - XSS
CVSS 7.1
CVE-2026-28130
HIGH
AndonDesign UDesign <= 4.14.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2026-28127
HIGH
e-plugins Lawyer Directory <= 1.3.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2026-28126
HIGH
RH Frontend Publishing Pro <=4.3.2 - XSS
CVSS 7.1
CVE-2026-28122
HIGH
ListingPro <= 2.9.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2026-28113
HIGH
Ultimate Learning Pro <=3.9.1 - XSS
CVSS 7.1
CVE-2026-28112
HIGH
AllInOne Banner Rotator <=3.8 - XSS
CVSS 7.1
CVE-2026-28110
HIGH
LambertGroup AllInOne Banner 3.8 - XSS
CVSS 7.1
Details
Vulnerabilities: 44,930
Exploit Likelihood: High