CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,930 vulnerabilities with CWE-79
CVE-2026-22465
HIGH
BuddyApp <= 1.9.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2026-22455
HIGH
Thebe <= 1.3.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2026-22440
HIGH
Thecs <= 1.4.7 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2026-22438
HIGH
TheBi <= 1.0.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2026-3034
MEDIUM
OoohBoi Steroids for Elementor <=2.1.24 - XSS
CVSS 6.4
CVE-2026-2365
HIGH
Fluent Forms Pro Add On Pack <= 6.1.17 - Unauthenticated Stored XSS via fluentform_step_form_save_data
CVSS 7.2
CVE-2026-20149
MEDIUM
Cisco Webex - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2026-20102
MEDIUM
Cisco Secure Firewall ASA/FTD - XSS
CVSS 6.1
CVE-2026-2355
MEDIUM
My Calendar - Accessible Event Manager <= 3.7.3 - Authenticated Stored Cross-Site Scripting via Template Attribute
CVSS 6.4
CVE-2026-1706
MEDIUM
All-in-One Video Gallery <4.7.1 - XSS
CVSS 6.1
CVE-2026-1236
MEDIUM
Envira Gallery WordPress Plugin <1.12.3 - XSS
CVSS 6.4
CVE-2026-28772
MEDIUM
International Datacasting SFX Series SuperFlex Web Interface 101 - XSS via submitType Parameter
CVSS 6.1
CVE-2026-28771
MEDIUM
International Datacasting SFX Series SuperFlex Web Interface 101 XSS via /index.cgi cat Parameter
CVSS 6.1
CVE-2026-3242
MEDIUM
Concrete CMS < 9.4.8 - Authenticated Stored Cross-Site Scripting via Switch Language Block
CVSS 4.8
CVE-2026-3241
MEDIUM
Concrete CMS < 9.4.8 - Authenticated Stored Cross-Site Scripting in Legacy Form Block
CVSS 4.8
CVE-2026-3240
MEDIUM
Concrete CMS < 9.4.8 - Stored Cross-Site Scripting via Legacy Form Question Field
CVSS 4.8
CVE-2026-3244
MEDIUM
Concrete CMS < 9.4.8 - Authenticated Stored Cross-Site Scripting in Search Block
CVSS 4.8
CVE-2026-2292
MEDIUM
Morkva UA Shipping <= 1.7.9 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2026-2289
MEDIUM
WordPress Taskbuilder <=5.0.3 - XSS
CVSS 4.4
CVE-2026-1945
HIGH
WPBookit WordPress Plugin <1.0.8 - XSS
CVSS 7.2
CVE-2026-26272
MEDIUM
HomeBox < 0.23.1 - Authenticated Stored Cross-Site Scripting via Item Attachment Upload
CVSS 4.6
CVE-2026-26266
CRITICAL
AliasVault Web Client <0.25.3 - XSS
CVSS 9.3
CVE-2026-25590
MEDIUM
glpi_inventory < 1.6.6 - Reflected Cross-Site Scripting in Task Jobs
CVSS 4.5
CVE-2026-24415
MEDIUM
OpenSTAManager < 2.9.8 - Reflected Cross-Site Scripting via Righe GET Parameter
CVSS 6.1
CVE-2026-21866
MEDIUM
Dify < 1.11.2 - Stored Cross-Site Scripting via Mermaid Diagram Rendering
CVSS 5.4
Details
Vulnerabilities
44,930
Exploit Likelihood
High