CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,957 vulnerabilities with CWE-79
CVE-2026-24351
MEDIUM
PluXml CMS 5.8.21/5.9.0-rc7 - Stored XSS
CVSS 5.4
CVE-2026-24350
MEDIUM
PluXml CMS - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2026-1434
MEDIUM
Omega-PSIR 4.5.9-4.6.7 - Reflected Cross-Site Scripting via Lang Parameter
CVSS 6.1
CVE-2026-2383
MEDIUM
Simple Download Monitor <4.0.5 - XSS
CVSS 6.4
CVE-2026-2362
MEDIUM
WP Accessibility <=2.3.1 - Stored XSS
CVSS 6.4
CVE-2026-3302
MEDIUM
SourceCodester Doctor Appointment System 1.0 - XSS
CVSS 4.3
CVE-2026-28280
MEDIUM
osctrl < 0.5.0 - Stored Cross-Site Scripting in On-Demand Query List
CVSS 6.1
CVE-2026-28274
HIGH
Initiative < 0.32.4 - Stored Cross-Site Scripting via HTML Document Upload
CVSS 8.7
CVE-2026-27154
MEDIUM
Discourse < 2025.12.2, 2026.1.1, 2026.2.0 - Stored Cross-Site Scripting via User Full Name
CVSS 6.1
CVE-2026-2680
MEDIUM
Wolters Kluwer a3factura - Reflected Cross-Site Scripting via customerVATNumber Parameter
CVSS 6.1
CVE-2026-2679
MEDIUM
a3factura - Reflected Cross-Site Scripting via customerName Parameter
CVSS 6.1
CVE-2026-2678
MEDIUM
a3factura - Reflected Cross-Site Scripting via Name Parameter
CVSS 6.1
CVE-2026-2677
MEDIUM
Wolters Kluwer a3factura - Reflected Cross-Site Scripting via 'name' Parameter
CVSS 6.1
CVE-2026-28083
MEDIUM
Flatsome <= 3.20.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2026-1696
MEDIUM
PcVue 12.0.0-15.2.12 and 16.0.0-16.3.2 - Cross-Site Scripting via Missing HTTP Security Headers
CVSS 6.1
CVE-2026-1695
MEDIUM
PcVue 12.0.0-16.3.3 - Cross-Site Scripting in OAuth Error Page
CVSS 6.1
CVE-2026-27974
MEDIUM
audiobookshelf_mobile_app < 0.12.0 - Cross-Site Scripting via Malicious Library Metadata
CVSS 4.8
CVE-2026-27963
MEDIUM
Audiobookshelf <2.32.0 - Stored XSS
CVSS 4.8
CVE-2026-2506
MEDIUM
EM Cost Calculator <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting via Customer Name Field
CVSS 6.1
CVE-2026-2499
MEDIUM
Custom Logo <= 2.2 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2026-2498
MEDIUM
WP Social Meta <= 1.0.1 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2026-2489
MEDIUM
TP2WP Importer <= 1.1 - Authenticated Stored Cross-Site Scripting via Watched Domains Textarea
CVSS 4.4
CVE-2026-2029
MEDIUM
Livemesh Addons for Beaver Builder <=3.9.2 - XSS
CVSS 6.4
CVE-2026-27973
MEDIUM
audiobookshelf < 2.12.0 - Stored Cross-Site Scripting via Library Metadata
CVSS 4.0
CVE-2026-27970
MEDIUM
Angular < 21.2.0, 21.1.6, 20.3.17, 19.2.19 - Cross-Site Scripting in i18n ICU Message Translation
CVSS 6.1
Details
Vulnerabilities: 44,957
Exploit Likelihood: High