CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,957 vulnerabilities with CWE-79
CVE-2026-0540 MEDIUM
DOMPurify 2.5.3-2.5.8/3.1.3-3.3.1 - XSS
CVSS 6.1
CVE-2026-3343 MEDIUM
Fireware OS 12.7-12.11.7/2025.1-2026.1.1 - XSS
CVSS 6.1
CVE-2026-2568 HIGH
WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.5 - Stored XSS via Form Submission
CVSS 7.2
CVE-2026-3455 MEDIUM
mailparser < 3.9.3 - Cross-Site Scripting via textToHtml URL Sanitization Bypass
CVSS 6.1
CVE-2026-2583 MEDIUM
Blocksy Theme for WordPress <=2.1.30 - XSS
CVSS 6.4
CVE-2026-28401 MEDIUM
NocoDB < 0.301.3 - Stored Cross-Site Scripting via Rich Text Cell Rendering
CVSS 5.4
CVE-2026-28398 MEDIUM
NocoDB < 0.301.3 - Stored Cross-Site Scripting via v-html Rendering
CVSS 5.4
CVE-2026-28397 MEDIUM
NocoDB < 0.301.3 - Stored Cross-Site Scripting via Comment Rendering
CVSS 5.4
CVE-2026-28359 MEDIUM
NocoDB < 0.301.3 - Authenticated Stored Cross-Site Scripting via Rich Text Cell HTML Injection
CVSS 5.4
CVE-2026-28357 MEDIUM
NocoDB < 0.301.3 - Stored Cross-Site Scripting in Formula Virtual Cell
CVSS 5.4
CVE-2026-3412 MEDIUM
itsourcecode University Management System 1.0 - XSS
CVSS 4.3
CVE-2026-3403 LOW
PHPGurukul Student Record Management System 1.0 - Cross-Site Scripting via Subject Parameter in edit-subject.php
CVSS 2.4
CVE-2026-3402 LOW
PHPGurukul Student Record Management System <1.0 - XSS
CVSS 2.4
CVE-2026-28561 MEDIUM
wpForo Forum 2.4.14 - Stored Cross-Site Scripting via Forum Description Field
CVSS 5.5
CVE-2026-28560 MEDIUM
wpForo Forum 2.4.0-2.4.15 - Stored Cross-Site Scripting via Forum URL in Inline Script
CVSS 5.5
CVE-2026-28558 MEDIUM
wpForo Forum 2.4.0-2.4.15 - Authenticated Stored Cross-Site Scripting via SVG Avatar Upload
CVSS 6.4
CVE-2026-3010 MEDIUM
Microchip TimePictra 11.0-11.3 SP2 - XSS
CVSS 6.1
CVE-2026-28426 HIGH
Statamic <5.73.11/6.4.0 - Stored XSS
CVSS 8.7
CVE-2026-28355 LOW
Canarytokens <sha-7ff0e12 - Self-XSS
CVE-2026-28338 MEDIUM
PMD < 7.22.0 - Cross-Site Scripting in VBHTML and YAHTML Report Formats
CVSS 6.8
CVE-2026-28272 HIGH
Kiteworks < 9.2.0 - Authenticated Stored Cross-Site Scripting in Configuration Interface
CVSS 8.1
CVE-2026-26997 MEDIUM
ClipBucket 5.3-5.5.3-59 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2026-27756 MEDIUM
SODOLA SL902-SWTGW124AS <200.1.20 - XSS
CVSS 6.1
CVE-2026-26862 HIGH
CleverTap Web SDK < 1.15.2 - DOM-based Cross-Site Scripting via Window PostMessage Origin Validation Bypass
CVSS 8.3
CVE-2026-3327 MEDIUM
Dato CMS Web Previews <1.0.31 - Iframe Injection