Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: xss Clear
ID Title
CVE-2026-59926 Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_admonition() in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into th...
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_admonition() in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...
CVE-2026-56359 Cross-Site Scripting (XSS) in CVE-2026-56359 (CVE-2026-56359)
cross-site scripting in CVE-2026-56359 (CVE-2026-56359). Risk of unauthorized operations or information disclosure.
CVE-2026-41122 Cross-Site Scripting (XSS) in CVE-2026-41122 (CVE-2026-41122)
cross-site scripting in CVE-2026-41122 (CVE-2026-41122). Risk of unauthorized operations or information disclosure.
CVE-2026-11903 Cross-Site Scripting (XSS) in CVE-2026-11903 (CVE-2026-11903)
cross-site scripting in CVE-2026-11903 (CVE-2026-11903). Successful exploitation can lead to full system takeover.
CVE-2026-60092 Cross-Site Scripting (XSS) in CVE-2026-60092 (CVE-2026-60092)
cross-site scripting in CVE-2026-60092 (CVE-2026-60092). Risk of unauthorized operations or information disclosure. Exploitable via `User-Agent header`.
CVE-2026-58654 Unrestricted File Upload in path-traversal (CVE-2026-58654)
vulnerability in path-traversal (CVE-2026-58654). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.1` or later.
CVE-2026-8310 Cross-Site Scripting (XSS) in CVE-2026-8310 (CVE-2026-8310)
cross-site scripting in CVE-2026-8310 (CVE-2026-8310). Risk of unauthorized operations or information disclosure.
CVE-2026-8315 Cross-Site Scripting (XSS) in CVE-2026-8315 (CVE-2026-8315)
cross-site scripting in CVE-2026-8315 (CVE-2026-8315). Risk of unauthorized operations or information disclosure.
CVE-2026-6740 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6740)
cross-site scripting in wordpress (CVE-2026-6740). Risk of unauthorized operations or information disclosure.
CVE-2026-6459 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6459)
cross-site scripting in wordpress (CVE-2026-6459). Risk of unauthorized operations or information disclosure.
CVE-2026-6820 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6820)
cross-site scripting in wordpress (CVE-2026-6820). Risk of unauthorized operations or information disclosure.
CVE-2026-6742 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6742)
cross-site scripting in wordpress (CVE-2026-6742). Risk of unauthorized operations or information disclosure.
CVE-2026-6371 Cross-Site Scripting (XSS) in CVE-2026-6371 (CVE-2026-6371)
cross-site scripting in CVE-2026-6371 (CVE-2026-6371). Risk of unauthorized operations or information disclosure.
CVE-2026-6818 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6818)
cross-site scripting in wordpress (CVE-2026-6818). Risk of unauthorized operations or information disclosure.
CVE-2025-14785 Cross-Site Scripting (XSS) in wordpress (CVE-2025-14785)
cross-site scripting in wordpress (CVE-2025-14785). Risk of unauthorized operations or information disclosure. Exploitable via ``seedprodnestedmenuwidget``.
CVE-2026-11798 Cross-Site Scripting (XSS) in wordpress (CVE-2026-11798)
cross-site scripting in wordpress (CVE-2026-11798). Risk of unauthorized operations or information disclosure.
CVE-2026-10570 Cross-Site Scripting (XSS) in wordpress (CVE-2026-10570)
cross-site scripting in wordpress (CVE-2026-10570). Risk of unauthorized operations or information disclosure.
CVE-2026-12041 Cross-Site Scripting (XSS) in wordpress (CVE-2026-12041)
cross-site scripting in wordpress (CVE-2026-12041). Risk of unauthorized operations or information disclosure.
CVE-2026-36162 Cross-Site Scripting (XSS) in CVE-2026-36162 (CVE-2026-36162)
cross-site scripting in CVE-2026-36162 (CVE-2026-36162). Risk of unauthorized operations or information disclosure.
CVE-2026-48954 Improper validation leads to a generic XSS vector in the language override feature.
Improper validation leads to a generic XSS vector in the language override feature.
CVE-2026-48953 Lack of escaping leads to an XSS vulnerability in the generic image output layout.
Lack of escaping leads to an XSS vulnerability in the generic image output layout.
CVE-2026-48951 Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
CVE-2026-48949 Lack of validation leads to an XSS vulnerability in the MFA management views.
Lack of validation leads to an XSS vulnerability in the MFA management views.
CVE-2026-48952 Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
CVE-2026-48950 Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
CVE-2025-12799 Cross-Site Scripting (XSS) in CVE-2025-12799 (CVE-2025-12799)
cross-site scripting in CVE-2025-12799 (CVE-2025-12799). Data can be tampered with by attackers.
CVE-2026-12948 Cross-Site Scripting (XSS) in CVE-2026-12948 (CVE-2026-12948)
cross-site scripting in CVE-2026-12948 (CVE-2026-12948). Risk of unauthorized operations or information disclosure.
CVE-2026-8309 Cross-Site Scripting (XSS) in CVE-2026-8309 (CVE-2026-8309)
cross-site scripting in CVE-2026-8309 (CVE-2026-8309). Risk of unauthorized operations or information disclosure.
CVE-2026-8306 Cross-Site Scripting (XSS) in CVE-2026-8306 (CVE-2026-8306)
cross-site scripting in CVE-2026-8306 (CVE-2026-8306). Risk of unauthorized operations or information disclosure.
CVE-2026-7380 Vulnerability in CVE-2026-7380 (CVE-2026-7380)
vulnerability in CVE-2026-7380 (CVE-2026-7380). Risk of unauthorized operations or information disclosure.
CVE-2026-11328 Cross-Site Scripting (XSS) in wordpress (CVE-2026-11328)
cross-site scripting in wordpress (CVE-2026-11328). Risk of unauthorized operations or information disclosure.
CVE-2026-53641 Cross-Site Scripting (XSS) in CVE-2026-53641 (CVE-2026-53641)
cross-site scripting in CVE-2026-53641 (CVE-2026-53641). Risk of unauthorized operations or information disclosure. Exploitable via ``content_html``.
CVE-2026-59710 Cross-Site Scripting (XSS) in CVE-2026-59710 (CVE-2026-59710)
cross-site scripting in CVE-2026-59710 (CVE-2026-59710). Risk of unauthorized operations or information disclosure.
CVE-2026-59711 Cross-Site Scripting (XSS) in CVE-2026-59711 (CVE-2026-59711)
cross-site scripting in CVE-2026-59711 (CVE-2026-59711). Risk of unauthorized operations or information disclosure.
CVE-2026-12154 Cross-Site Scripting (XSS) in wordpress (CVE-2026-12154)
cross-site scripting in wordpress (CVE-2026-12154). Risk of unauthorized operations or information disclosure.
CVE-2025-53831 Cross-Site Scripting (XSS) in CVE-2025-53831 (CVE-2025-53831)
cross-site scripting in CVE-2025-53831 (CVE-2025-53831). Confidential information can be exposed externally.
CVE-2026-14791 Cross-Site Scripting (XSS) in CVE-2026-14791 (CVE-2026-14791)
cross-site scripting in CVE-2026-14791 (CVE-2026-14791). Risk of unauthorized operations or information disclosure.
CVE-2026-14752 Cross-Site Scripting (XSS) in CVE-2026-14752 (CVE-2026-14752)
cross-site scripting in CVE-2026-14752 (CVE-2026-14752). Risk of unauthorized operations or information disclosure.
CVE-2026-14704 Cross-Site Scripting (XSS) in CVE-2026-14704 (CVE-2026-14704)
cross-site scripting in CVE-2026-14704 (CVE-2026-14704). Risk of unauthorized operations or information disclosure.
CVE-2026-14656 Cross-Site Scripting (XSS) in CVE-2026-14656 (CVE-2026-14656)
cross-site scripting in CVE-2026-14656 (CVE-2026-14656). Risk of unauthorized operations or information disclosure.
CVE-2026-14655 Cross-Site Scripting (XSS) in CVE-2026-14655 (CVE-2026-14655)
cross-site scripting in CVE-2026-14655 (CVE-2026-14655). Risk of unauthorized operations or information disclosure.
CVE-2026-14634 Cross-Site Scripting (XSS) in CVE-2026-14634 (CVE-2026-14634)
cross-site scripting in CVE-2026-14634 (CVE-2026-14634). Risk of unauthorized operations or information disclosure.
CVE-2026-14633 Cross-Site Scripting (XSS) in CVE-2026-14633 (CVE-2026-14633)
cross-site scripting in CVE-2026-14633 (CVE-2026-14633). Risk of unauthorized operations or information disclosure.
CVE-2026-58524 Cross-Site Scripting (XSS) in microsoft (CVE-2026-58524)
cross-site scripting in microsoft (CVE-2026-58524). Risk of unauthorized operations or information disclosure.
CVE-2026-58298 Cross-Site Scripting (XSS) in microsoft (CVE-2026-58298)
cross-site scripting in microsoft (CVE-2026-58298). Risk of unauthorized operations or information disclosure.
CVE-2026-57977 Cross-Site Scripting (XSS) in microsoft (CVE-2026-57977)
cross-site scripting in microsoft (CVE-2026-57977). Data can be tampered with by attackers.
CVE-2026-4322 Cross-Site Scripting (XSS) in CVE-2026-4322 (CVE-2026-4322)
cross-site scripting in CVE-2026-4322 (CVE-2026-4322). Risk of unauthorized operations or information disclosure.
CVE-2026-4804 Cross-Site Scripting (XSS) in wordpress (CVE-2026-4804)
cross-site scripting in wordpress (CVE-2026-4804). Risk of unauthorized operations or information disclosure.
CVE-2026-9756 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9756)
cross-site scripting in wordpress (CVE-2026-9756). Risk of unauthorized operations or information disclosure.
CVE-2026-8351 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8351)
cross-site scripting in wordpress (CVE-2026-8351). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →