CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,959 vulnerabilities with CWE-79
CVE-2026-1055
MEDIUM
TalkJS WordPress Plugin <=0.1.15 - XSS
CVSS 4.4
CVE-2026-1047
MEDIUM
WordPress Salavat Counter Plugin <0.9.5 - XSS
CVSS 4.4
CVE-2026-1044
MEDIUM
Tennis Court Bookings Plugin <1.2.7 - XSS
CVSS 4.4
CVE-2026-1043
MEDIUM
PostmarkApp Email Integrator 2.4 - XSS
CVSS 4.4
CVE-2026-0561
MEDIUM
Shield Security Plugin <21.0.8 - XSS
CVSS 6.1
CVE-2026-0556
MEDIUM
XO Event Calendar <= 3.2.10 - Authenticated Stored Cross-Site Scripting via xo_event_field Shortcode
CVSS 6.4
CVE-2026-0549
MEDIUM
WordPress Groups Plugin <3.10.0 - XSS
CVSS 6.4
CVE-2026-26281
MEDIUM
InvoicePlane - Authenticated Stored Cross-Site Scripting in Sumex Invoice View
CVSS 4.4
CVE-2026-26270
MEDIUM
InvoicePlane - Authenticated Stored Cross-Site Scripting via Invoice Group Identifier Format Field
CVSS 5.4
CVE-2026-25596
MEDIUM
InvoicePlane < 1.7.1 - Authenticated Stored Cross-Site Scripting via Product Unit Name Field
CVSS 4.8
CVE-2026-25595
MEDIUM
InvoicePlane < 1.7.1 - Authenticated Stored Cross-Site Scripting via Invoice Number Field
CVSS 4.8
CVE-2026-25594
MEDIUM
InvoicePlane < 1.7.1 - Stored Cross-Site Scripting via Family Name Field
CVSS 4.8
CVE-2026-24745
MEDIUM
InvoicePlane 1.7.0 - Authenticated Stored Cross-Site Scripting via SVG Logo Upload
CVSS 5.7
CVE-2026-27178
HIGH
MajorDoMo - Unauthenticated Stored Cross-Site Scripting via Shoutbox Method Parameters
CVSS 7.2
CVE-2026-27177
HIGH
MajorDoMo - Unauthenticated Stored Cross-Site Scripting via Property Set Endpoint
CVSS 7.2
CVE-2026-27176
MEDIUM
MajorDoMo - Reflected Cross-Site Scripting in command.php via qry Parameter
CVSS 6.1
CVE-2026-24744
MEDIUM
InvoicePlane 1.7.0 - Authenticated Stored Cross-Site Scripting via Invoice Number Parameter
CVSS 5.7
CVE-2026-24743
MEDIUM
InvoicePlane 1.7.0 - Authenticated Stored Cross-Site Scripting via Invoice Logo Upload
CVSS 5.7
CVE-2026-24746
MEDIUM
InvoicePlane 1.7.0 - Authenticated Stored Cross-Site Scripting via Quote Number Parameter
CVSS 5.7
CVE-2026-25500
MEDIUM
Rack < 2.2.22 - Cross-Site Scripting via Directory Index File Basename
CVSS 5.4
CVE-2026-27099
HIGH
Jenkins 2.483-2.550 and LTS 2.492.1-2.541.1 - Stored Cross-Site Scripting in Offline Cause Description
CVSS 8.0
CVE-2026-1404
MEDIUM
Ultimate Member Plugin <2.11.1 - XSS
CVSS 6.1
CVE-2026-1441
MEDIUM
Graylog 2.2.3 - Reflected Cross-Site Scripting via /system/index_sets/ Endpoint
CVSS 6.1
CVE-2026-1440
MEDIUM
Graylog 2.2.3 - Reflected Cross-Site Scripting via /system/pipelines/ Endpoint
CVSS 6.1
CVE-2026-1439
MEDIUM
Graylog 2.2.3 - Reflected Cross-Site Scripting via Alerts Endpoint
CVSS 6.1
Details
Vulnerabilities
44,959
Exploit Likelihood
High