CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,957 vulnerabilities with CWE-79
CVE-2026-27621
MEDIUM
TypiCMS < 16.1.7 - Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2026-27614
CRITICAL
Bugsink < 2.0.13 - Unauthenticated Stored Cross-Site Scripting via Pygments Line Handling
CVSS 9.3
CVE-2026-27612
MEDIUM
repostat < 1.0.1 - Reflected Cross-Site Scripting via RepoCard Component
CVSS 6.1
CVE-2026-26351
MEDIUM
GetSimpleCMS CE 3.3.16 - Stored XSS
CVSS 4.8
CVE-2026-23858
MEDIUM
Dell Wyse Management Suite <5.5 - XSS
CVSS 5.4
CVE-2026-27156
MEDIUM
NiceGUI < 3.8.0 - Cross-Site Scripting via Element Method Execution
CVSS 6.1
CVE-2026-27517
MEDIUM
Binardat 10G08-0800GSM <V300SP10260209 - XSS
CVSS 6.1
CVE-2026-27568
MEDIUM
WWBN AVideo < 21.0 - Authenticated Stored Cross-Site Scripting via Markdown Link Injection
CVSS 6.1
CVE-2026-3070
MEDIUM
SourceCodester Modern Image Gallery App 1.0 - XSS
CVSS 4.3
CVE-2026-3054
MEDIUM
Alinto SOGo 5.12.3/5.12.4 - Cross-Site Scripting via Hint Argument
CVSS 4.3
CVE-2026-27126
MEDIUM
Craft CMS 4.5.0-RC1-4.16.18/5.0.0-RC1-5.8.22 - XSS
CVSS 4.8
CVE-2026-3050
LOW
horilla < 1.0.3 - Cross-Site Scripting via Leads Module Notes Parameter
CVSS 3.5
CVE-2026-25802
HIGH
QuantumNous new-api < 0.10.8-alpha.9 - Cross-Site Scripting in MarkdownRenderer.jsx
CVSS 7.6
CVE-2026-3043
MEDIUM
itsourcecode Event Management System 1.0 - XSS
CVSS 4.3
CVE-2026-3041
LOW
BaykeShop < 1.3.20 - Cross-Site Scripting via Article Sidebar Module
CVSS 2.4
CVE-2026-3028
MEDIUM
JEEWMS < 3.7 - Stored Cross-Site Scripting via Name Parameter in doAdd Function
CVSS 4.3
CVE-2026-27742
MEDIUM
Bludit < 3.16.2 - Authenticated Stored Cross-Site Scripting in Post Content
CVSS 5.4
CVE-2026-3027
MEDIUM
JEEWMS < 3.7 - Cross-Site Scripting via UEditor getContent.jsp myEditor Parameter
CVSS 4.3
CVE-2026-25648
HIGH
Traccar >= 6.11.1 - Authenticated Stored Cross-Site Scripting via SVG Device Image Upload
CVSS 8.7
CVE-2026-26464
MEDIUM
Society Management System Portal 1.0 - XSS
CVSS 6.1
CVE-2026-27512
MEDIUM
Tenda F3 Firmware < 12.01.01.55_multi - Reflected Script Execution via Missing nosniff Header
CVSS 6.1
CVE-2026-2972
LOW
Smart-SSO < 2.1.1 - Stored Cross-Site Scripting in Role Edit Page
CVSS 2.4
CVE-2026-2971
MEDIUM
Smart-SSO < 2.1.1 - Cross-Site Scripting via redirectUri Parameter
CVSS 4.3
CVE-2026-2965
LOW
07FLYCMS 1.2.0-1.2.9 - Stored Cross-Site Scripting via SysModule Title Parameter
CVSS 2.4
CVE-2026-2947
LOW
rymcu forest <= 0.0.5 - Cross-Site Scripting in User Profile Handler
CVSS 3.5
Details
Vulnerabilities: 44,957
Exploit Likelihood: High