CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,957 vulnerabilities with CWE-79
CVE-2026-2946
LOW
rymcu forest < 0.0.5 - Cross-Site Scripting in XssUtils.replaceHtmlCode
CVSS 3.5
CVE-2026-2943
MEDIUM
SapneshNaik Student Management System - XSS
CVSS 4.3
CVE-2026-2939
LOW
itsourcecode Student Management System 1.0 - XSS
CVSS 2.4
CVE-2026-2934
LOW
YiFang CMS < 2.0.5 - Cross-Site Scripting via Name Parameter in Extended Management Module
CVSS 2.4
CVE-2026-2933
LOW
YiFang CMS < 2.0.5 - Cross-Site Scripting via Name Parameter in Extended Management Module
CVSS 2.4
CVE-2026-2932
LOW
YiFang CMS < 2.0.5 - Cross-Site Scripting via Extended Management Module
CVSS 2.4
CVE-2026-2897
LOW
funadmin < 7.1.0 - Cross-Site Scripting via Backend Interface Value Argument
CVSS 2.4
CVE-2026-27469
MEDIUM
Isso < 0.13.2 - Stored Cross-Site Scripting via Website and Author Comment Fields
CVSS 6.1
CVE-2026-27210
MEDIUM
Pannellum 2.5.0-2.5.6 - Stored Cross-Site Scripting via Hot Spot Attributes
CVSS 6.1
CVE-2026-27196
HIGH
Statmatic <=5.73.8/6.0.0-6.3.1 - Stored XSS
CVSS 8.1
CVE-2026-27169
HIGH
OpenSift < 1.1.3-alpha - Stored Cross-Site Scripting via Unsafe HTML Interpolation
CVSS 8.9
CVE-2026-27147
MEDIUM
GetSimple CMS < 3.3.22 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 5.4
CVE-2026-27122
MEDIUM
svelte < 5.51.5 - Cross-Site Scripting via Server-Side Rendering Tag Injection
CVSS 5.4
CVE-2026-27121
MEDIUM
svelte < 5.51.5 - Cross-Site Scripting via Spread Syntax Attribute Rendering
CVSS 5.4
CVE-2026-27119
MEDIUM
svelte 5.39.3-5.51.4 - Cross-Site Scripting in Server-Side Rendering Option Element
CVSS 5.4
CVE-2026-27120
MEDIUM
LeafKit < 1.4.1 - Cross-Site Scripting via Extended Grapheme Cluster Bypass
CVSS 6.1
CVE-2026-27020
MEDIUM
Photobooth < 1.0.1 - Cross-Site Scripting via User Input Fields
CVE-2026-2472
HIGH
Google Cloud Vertex AI SDK 1.98.0-1.131.0 - XSS
CVE-2026-27506
MEDIUM
SVXportal < 2.5 - Authenticated Stored Cross-Site Scripting in User Profile Update
CVSS 6.1
CVE-2026-27505
MEDIUM
SVXportal < 2.5 - Stored Cross-Site Scripting in User Registration Workflow
CVSS 6.1
CVE-2026-27504
MEDIUM
SVXportal < 2.5 - Authenticated Reflected Cross-Site Scripting via stationid Parameter
CVSS 6.1
CVE-2026-27503
MEDIUM
SVXportal < 2.5 - Authenticated Reflected Cross-Site Scripting via Admin Log Search Parameter
CVSS 6.1
CVE-2026-27502
MEDIUM
SVXportal < 2.5 - Reflected Cross-Site Scripting via log.php Search Parameter
CVSS 6.1
CVE-2026-26724
HIGH
Key Systems Inc Global Facilities Management Software 20230721a - Cross-Site Scripting via selectgroup and gn Parameters
CVSS 7.6
CVE-2026-26723
HIGH
Key Systems Inc Global Facilities Management Software 20230721a - Cross-Site Scripting via Function Parameter
CVSS 8.2
Details
Vulnerabilities
44,957
Exploit Likelihood
High