Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: xss Clear
ID Title
CVE-2026-50555 Cross-Site Scripting (XSS) in @angular/platform-server (CVE-2026-50555)
cross-site scripting in @angular/platform-server (CVE-2026-50555). Risk of unauthorized operations or information disclosure. Exploitable via ``domino``.
CVE-2026-52725 Cross-Site Scripting (XSS) in @angular/core (CVE-2026-52725)
cross-site scripting in @angular/core (CVE-2026-52725). Risk of unauthorized operations or information disclosure. Exploitable via ``createComponent``. Mitigation: upgrade to `20.3.22` or later.
CVE-2025-15659 Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions.
Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions.
CVE-2025-15658 Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions.
Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions.
CVE-2016-20084 Cross-Site Scripting (XSS) in wordpress (CVE-2016-20084)
cross-site scripting in wordpress (CVE-2016-20084). Risk of unauthorized operations or information disclosure.
CVE-2016-20070 Cross-Site Scripting (XSS) in wordpress (CVE-2016-20070)
cross-site scripting in wordpress (CVE-2016-20070). Risk of unauthorized operations or information disclosure.
CVE-2016-20066 Cross-Site Scripting (XSS) in wordpress (CVE-2016-20066)
cross-site scripting in wordpress (CVE-2016-20066). Risk of unauthorized operations or information disclosure.
CVE-2026-9278 Vulnerability in wordpress (CVE-2026-9278)
vulnerability in wordpress (CVE-2026-9278). Risk of unauthorized operations or information disclosure. Exploitable via ``unfiltered_html``.
CVE-2026-12202 Cross-Site Scripting (XSS) in CVE-2026-12202 (CVE-2026-12202)
cross-site scripting in CVE-2026-12202 (CVE-2026-12202). Risk of unauthorized operations or information disclosure.
CVE-2026-12176 Cross-Site Scripting (XSS) in CVE-2026-12176 (CVE-2026-12176)
cross-site scripting in CVE-2026-12176 (CVE-2026-12176). Risk of unauthorized operations or information disclosure.
CVE-2026-5513 Cross-Site Scripting (XSS) in wordpress (CVE-2026-5513)
cross-site scripting in wordpress (CVE-2026-5513). Risk of unauthorized operations or information disclosure.
CVE-2026-9629 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9629)
cross-site scripting in wordpress (CVE-2026-9629). Risk of unauthorized operations or information disclosure.
CVE-2026-3297 Cross-Site Scripting (XSS) in wordpress (CVE-2026-3297)
cross-site scripting in wordpress (CVE-2026-3297). Risk of unauthorized operations or information disclosure.
CVE-2026-9134 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9134)
cross-site scripting in wordpress (CVE-2026-9134). Risk of unauthorized operations or information disclosure.
CVE-2026-9109 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9109)
cross-site scripting in wordpress (CVE-2026-9109). Risk of unauthorized operations or information disclosure.
CVE-2026-9061 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9061)
cross-site scripting in wordpress (CVE-2026-9061). Risk of unauthorized operations or information disclosure. Exploitable via ``unfiltered_html``.
CVE-2026-11443 Cross-Site Scripting (XSS) in CVE-2026-11443 (CVE-2026-11443)
cross-site scripting in CVE-2026-11443 (CVE-2026-11443). Risk of unauthorized operations or information disclosure.
CVE-2026-53608 Cross-Site Scripting (XSS) in CVE-2026-53608 (CVE-2026-53608)
cross-site scripting in CVE-2026-53608 (CVE-2026-53608). Confidential information can be exposed externally. Exploitable via ``seoGoogleTrackingId``.
CVE-2026-54395 Cross-Site Scripting (XSS) in CVE-2026-54395 (CVE-2026-54395)
cross-site scripting in CVE-2026-54395 (CVE-2026-54395). Risk of unauthorized operations or information disclosure.
CVE-2026-54393 Cross-Site Scripting (XSS) in CVE-2026-54393 (CVE-2026-54393)
cross-site scripting in CVE-2026-54393 (CVE-2026-54393). Risk of unauthorized operations or information disclosure.
CVE-2026-12130 Cross-Site Scripting (XSS) in CVE-2026-12130 (CVE-2026-12130)
cross-site scripting in CVE-2026-12130 (CVE-2026-12130). Risk of unauthorized operations or information disclosure.
CVE-2026-12129 Cross-Site Scripting (XSS) in CVE-2026-12129 (CVE-2026-12129)
cross-site scripting in CVE-2026-12129 (CVE-2026-12129). Risk of unauthorized operations or information disclosure.
CVE-2026-53606 Cross-Site Scripting (XSS) in CVE-2026-53606 (CVE-2026-53606)
cross-site scripting in CVE-2026-53606 (CVE-2026-53606). Risk of unauthorized operations or information disclosure. Exploitable via ``allowedSchemesAppliedToAttributes``.
CVE-2026-45014 Cross-Site Scripting (XSS) in CVE-2026-45014 (CVE-2026-45014)
cross-site scripting in CVE-2026-45014 (CVE-2026-45014). Risk of unauthorized operations or information disclosure.
CVE-2026-44311 Cross-Site Scripting (XSS) in fabric (CVE-2026-44311)
cross-site scripting in fabric (CVE-2026-44311). Risk of unauthorized operations or information disclosure. Exploitable via ``color``. Mitigation: upgrade to `7.4.0` or later.
CVE-2026-53724 Cross-Site Scripting (XSS) in parse-server (CVE-2026-53724)
cross-site scripting in parse-server (CVE-2026-53724). Risk of unauthorized operations or information disclosure. Exploitable via ``poc.svg.``. Mitigation: upgrade to `8.6.79` or later.
CVE-2026-53568 Cross-Site Scripting (XSS) in CVE-2026-53568 (CVE-2026-53568)
cross-site scripting in CVE-2026-53568 (CVE-2026-53568). Risk of unauthorized operations or information disclosure.
CVE-2026-53787 Unrestricted File Upload in path-traversal (CVE-2026-53787)
vulnerability in path-traversal (CVE-2026-53787). Successful exploitation can lead to full system takeover.
CVE-2026-53722 Cross-Site Scripting (XSS) in nuxt (CVE-2026-53722)
cross-site scripting in nuxt (CVE-2026-53722). Risk of unauthorized operations or information disclosure. Exploitable via ``href``. Mitigation: upgrade to `3.21.7` or later.
CVE-2026-47739 Cross-Site Scripting (XSS) in CVE-2026-47739 (CVE-2026-47739)
cross-site scripting in CVE-2026-47739 (CVE-2026-47739). Risk of unauthorized operations or information disclosure.
CVE-2026-44205 Cross-Site Scripting (XSS) in CVE-2026-44205 (CVE-2026-44205)
cross-site scripting in CVE-2026-44205 (CVE-2026-44205). Risk of unauthorized operations or information disclosure.
CVE-2026-9269 Vulnerability in wordpress (CVE-2026-9269)
vulnerability in wordpress (CVE-2026-9269). Risk of unauthorized operations or information disclosure.
CVE-2026-9125 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9125)
cross-site scripting in wordpress (CVE-2026-9125). Risk of unauthorized operations or information disclosure.
CVE-2026-42653 Cross-Site Scripting (XSS) in CVE-2026-42653 (CVE-2026-42653)
cross-site scripting in CVE-2026-42653 (CVE-2026-42653). Risk of unauthorized operations or information disclosure.
CVE-2026-46489 SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG f...
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file containing embedded JavaScript. This script is base64-encoded and injected unescaped into every...
CVE-2026-4096 Vulnerability in ibm (CVE-2026-4096)
vulnerability in ibm (CVE-2026-4096). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`.
CVE-2023-33999 Cross-Site Scripting (XSS) in CVE-2023-33999 (CVE-2023-33999)
cross-site scripting in CVE-2023-33999 (CVE-2023-33999). Risk of unauthorized operations or information disclosure.
CVE-2026-2827 Cross-Site Scripting (XSS) in wordpress (CVE-2026-2827)
cross-site scripting in wordpress (CVE-2026-2827). Risk of unauthorized operations or information disclosure.
CVE-2026-42558 Cross-Site Scripting (XSS) in CVE-2026-42558 (CVE-2026-42558)
cross-site scripting in CVE-2026-42558 (CVE-2026-42558). Confidential information can be exposed externally.
CVE-2026-0266 Cross-Site Scripting (XSS) in CVE-2026-0266 (CVE-2026-0266)
cross-site scripting in CVE-2026-0266 (CVE-2026-0266). Risk of unauthorized operations or information disclosure.
CVE-2026-53693 Cross-Site Scripting (XSS) in CVE-2026-53693 (CVE-2026-53693)
cross-site scripting in CVE-2026-53693 (CVE-2026-53693). Risk of unauthorized operations or information disclosure.
CVE-2026-53473 Cross-Site Scripting (XSS) in kubev2v (CVE-2026-53473)
cross-site scripting in kubev2v (CVE-2026-53473). Confidential information can be exposed externally.
CVE-2026-53441 Cross-Site Scripting (XSS) in org.jenkins-ci.main:jenkins-core (CVE-2026-53441)
cross-site scripting in org.jenkins-ci.main:jenkins-core (CVE-2026-53441). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.568` or later.
CVE-2026-49069 Cross-Site Scripting (XSS) in CVE-2026-49069 (CVE-2026-49069)
cross-site scripting in CVE-2026-49069 (CVE-2026-49069). Risk of unauthorized operations or information disclosure.
CVE-2026-11859 Vulnerability in CVE-2026-11859 (CVE-2026-11859)
vulnerability in CVE-2026-11859 (CVE-2026-11859). Risk of unauthorized operations or information disclosure.
CVE-2026-9019 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9019)
cross-site scripting in wordpress (CVE-2026-9019). Risk of unauthorized operations or information disclosure.
CVE-2026-8613 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8613)
cross-site scripting in wordpress (CVE-2026-8613). Risk of unauthorized operations or information disclosure.
CVE-2026-8853 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8853)
cross-site scripting in wordpress (CVE-2026-8853). Risk of unauthorized operations or information disclosure.
CVE-2026-9060 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9060)
cross-site scripting in wordpress (CVE-2026-9060). Risk of unauthorized operations or information disclosure. Exploitable via ``unfiltered_html``.
CVE-2025-8444 Cross-Site Scripting (XSS) in wordpress (CVE-2025-8444)
cross-site scripting in wordpress (CVE-2025-8444). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →