Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: xss Clear
ID Title
CVE-2026-20108 Cross-Site Scripting (XSS) in Cisco catalyst-sd-wan-manager (CVE-2026-20108)
cross-site scripting in Cisco catalyst-sd-wan-manager (CVE-2026-20108). Risk of unauthorized operations or information disclosure.
CVE-2026-20170 Vulnerability in Cisco webex-contact-center (CVE-2026-20170)
vulnerability in Cisco webex-contact-center (CVE-2026-20170). Risk of unauthorized operations or information disclosure.
CVE-2026-20132 Cross-Site Scripting (XSS) in Cisco identity-services-engine (CVE-2026-20132)
cross-site scripting in Cisco identity-services-engine (CVE-2026-20132). Risk of unauthorized operations or information disclosure.
CVE-2026-44896 Cross-Site Scripting (XSS) in mistune (CVE-2026-44896)
cross-site scripting in mistune (CVE-2026-44896). Risk of unauthorized operations or information disclosure. Exploitable via ``figclass``. Mitigation: upgrade to `3.2.1` or later.
CVE-2026-42451 Cross-Site Scripting (XSS) in CVE-2026-42451 (CVE-2026-42451)
cross-site scripting in CVE-2026-42451 (CVE-2026-42451). Confidential information can be exposed externally.
CVE-2026-44549 Cross-Site Scripting (XSS) in open-webui (CVE-2026-44549)
cross-site scripting in open-webui (CVE-2026-44549). Confidential information can be exposed externally. Exploitable via ``XLSX.utils.sheet_to_html``. Mitigation: upgrade to `0.8.0` or later.
CVE-2026-44831 Cross-Site Scripting (XSS) in snipe/snipe-it (CVE-2026-44831)
cross-site scripting in snipe/snipe-it (CVE-2026-44831). Risk of unauthorized operations or information disclosure. Exploitable via ``notes``. Mitigation: upgrade to `8.4.1` or later.
CVE-2026-42192 Cross-Site Scripting (XSS) in react (CVE-2026-42192)
cross-site scripting in react (CVE-2026-42192). Risk of unauthorized operations or information disclosure.
CVE-2026-44737 Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-44737)
cross-site scripting in getgrav/grav (CVE-2026-44737). Risk of unauthorized operations or information disclosure. Exploitable via `GET /admin/pages/`. Mitigation: upgrade to `1.7.49.5` or later.
CVE-2026-44721 Cross-Site Scripting (XSS) in open-webui (CVE-2026-44721)
cross-site scripting in open-webui (CVE-2026-44721). Confidential information can be exposed externally. Exploitable via ``marked``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44429 Vulnerability in github.com/modelcontextprotocol/registry (CVE-2026-44429)
vulnerability in github.com/modelcontextprotocol/registry (CVE-2026-44429). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v0/auth/github-at`. Mitigation: upgrade to `1.7.7` or later.
CVE-2026-42030 Vulnerability in osgeo (CVE-2026-42030)
vulnerability in osgeo (CVE-2026-42030). Risk of unauthorized operations or information disclosure.
CVE-2026-38360 Path Traversal in path-traversal (CVE-2026-38360)
path traversal in path-traversal (CVE-2026-38360). Successful exploitation can lead to full system takeover.
CVE-2026-44212 Cross-Site Scripting (XSS) in prestashop/prestashop (CVE-2026-44212)
cross-site scripting in prestashop/prestashop (CVE-2026-44212). Confidential information can be exposed externally. Mitigation: upgrade to `9.1.1` or later.
CVE-2026-42794 Cross-Site Scripting (XSS) in absinthe_plug (CVE-2026-42794)
cross-site scripting in absinthe_plug (CVE-2026-42794). Risk of unauthorized operations or information disclosure.
CVE-2026-41591 Cross-Site Scripting (XSS) in marko (CVE-2026-41591)
cross-site scripting in marko (CVE-2026-41591). Risk of unauthorized operations or information disclosure. Exploitable via ``_escape_script``. Mitigation: upgrade to `5.38.36` or later.
CVE-2026-41575 Cross-Site Scripting (XSS) in th30d4y (CVE-2026-41575)
cross-site scripting in th30d4y (CVE-2026-41575). Risk of unauthorized operations or information disclosure.
CVE-2026-7650 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7650)
cross-site scripting in wordpress (CVE-2026-7650). Risk of unauthorized operations or information disclosure.
CVE-2026-7475 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7475)
cross-site scripting in wordpress (CVE-2026-7475). Risk of unauthorized operations or information disclosure. Exploitable via ``sky_script_content``.
CVE-2026-5341 Cross-Site Scripting (XSS) in wordpress (CVE-2026-5341)
cross-site scripting in wordpress (CVE-2026-5341). Risk of unauthorized operations or information disclosure. Exploitable via ``strava_nmr_connect``.
CVE-2026-7330 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7330)
cross-site scripting in wordpress (CVE-2026-7330). Risk of unauthorized operations or information disclosure.
CVE-2024-33724 Cross-Site Scripting (XSS) in CVE-2024-33724 (CVE-2024-33724)
cross-site scripting in CVE-2024-33724 (CVE-2024-33724). Risk of unauthorized operations or information disclosure.
CVE-2023-42343 Cross-Site Scripting (XSS) in CVE-2023-42343 (CVE-2023-42343)
cross-site scripting in CVE-2023-42343 (CVE-2023-42343). Risk of unauthorized operations or information disclosure.
CVE-2023-42345 Cross-Site Scripting (XSS) in CVE-2023-42345 (CVE-2023-42345)
cross-site scripting in CVE-2023-42345 (CVE-2023-42345). Risk of unauthorized operations or information disclosure.
CVE-2022-23961 Cross-Site Scripting (XSS) in CVE-2022-23961 (CVE-2022-23961)
cross-site scripting in CVE-2022-23961 (CVE-2022-23961). Risk of unauthorized operations or information disclosure.
CVE-2026-8136 Cross-Site Scripting (XSS) in CVE-2026-8136 (CVE-2026-8136)
cross-site scripting in CVE-2026-8136 (CVE-2026-8136). Risk of unauthorized operations or information disclosure.
CVE-2026-42150 Cross-Site Scripting (XSS) in wlc (CVE-2026-42150)
cross-site scripting in wlc (CVE-2026-42150). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.0.0` or later.
CVE-2026-8117 Cross-Site Scripting (XSS) in CVE-2026-8117 (CVE-2026-8117)
cross-site scripting in CVE-2026-8117 (CVE-2026-8117). Risk of unauthorized operations or information disclosure.
CVE-2026-41929 Cross-Site Scripting (XSS) in CVE-2026-41929 (CVE-2026-41929)
cross-site scripting in CVE-2026-41929 (CVE-2026-41929). Risk of unauthorized operations or information disclosure.
CVE-2026-32207 Cross-Site Scripting (XSS) in microsoft (CVE-2026-32207)
cross-site scripting in microsoft (CVE-2026-32207). Successful exploitation can lead to full system takeover.
CVE-2026-39823 Cross-Site Scripting (XSS) in golang (CVE-2026-39823)
cross-site scripting in golang (CVE-2026-39823). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-36388 Cross-Site Scripting (XSS) in CVE-2026-36388 (CVE-2026-36388)
cross-site scripting in CVE-2026-36388 (CVE-2026-36388). Risk of unauthorized operations or information disclosure.
CVE-2025-67202 Cross-Site Scripting (XSS) in sidekiq-cron (CVE-2025-67202)
cross-site scripting in sidekiq-cron (CVE-2025-67202). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.4.0` or later.
CVE-2026-8080 Cross-Site Scripting (XSS) in misp (CVE-2026-8080)
cross-site scripting in misp (CVE-2026-8080). Risk of unauthorized operations or information disclosure.
SUSE-SU-2026:1749-1 Vulnerability in SUSE-SU-2026:1749-1 (SUSE-SU-2026:1749-1)
vulnerability in SUSE-SU-2026:1749-1 (SUSE-SU-2026:1749-1). Risk of unauthorized operations or information disclosure.
CVE-2026-36358 Cross-Site Scripting (XSS) in CVE-2026-36358 (CVE-2026-36358)
cross-site scripting in CVE-2026-36358 (CVE-2026-36358). Risk of unauthorized operations or information disclosure.
CVE-2026-35453 Cross-Site Scripting (XSS) in phpoffice/phpspreadsheet (CVE-2026-35453)
cross-site scripting in phpoffice/phpspreadsheet (CVE-2026-35453). Risk of unauthorized operations or information disclosure. Exploitable via ``formatColor``. Mitigation: upgrade to `1.30.4` or later.
CVE-2026-38432 Cross-Site Scripting (XSS) in frappe (CVE-2026-38432)
cross-site scripting in frappe (CVE-2026-38432). Risk of unauthorized operations or information disclosure.
CVE-2025-52206 ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage.
ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage.
CVE-2026-42138 Cross-Site Scripting (XSS) in langgenius (CVE-2026-42138)
cross-site scripting in langgenius (CVE-2026-42138). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/files/upload`.
CVE-2026-42086 Cross-Site Scripting (XSS) in openc3 (CVE-2026-42086)
cross-site scripting in openc3 (CVE-2026-42086). Risk of unauthorized operations or information disclosure. Exploitable via ``convertToValue``. Mitigation: upgrade to `7.0.0` or later.
CVE-2026-42090 Cross-Site Scripting (XSS) in streetwriters (CVE-2026-42090)
cross-site scripting in streetwriters (CVE-2026-42090). Successful exploitation can lead to full system takeover.
CVE-2025-14320 Cross-Site Scripting (XSS) in CVE-2025-14320 (CVE-2025-14320)
cross-site scripting in CVE-2025-14320 (CVE-2025-14320). Successful exploitation can lead to full system takeover.
CVE-2026-37503 Cross-Site Scripting (XSS) in v2board (CVE-2026-37503)
cross-site scripting in v2board (CVE-2026-37503). Confidential information can be exposed externally.
CVE-2026-3346 SQL Injection in langflow (CVE-2026-3346)
SQL injection in langflow (CVE-2026-3346). Risk of unauthorized operations or information disclosure.
CVE-2026-40296 Cross-Site Scripting (XSS) in phpoffice/phpspreadsheet (CVE-2026-40296)
cross-site scripting in phpoffice/phpspreadsheet (CVE-2026-40296). Risk of unauthorized operations or information disclosure. Exploitable via ``General``. Mitigation: upgrade to `1.30.4` or later.
CVE-2026-38949 Cross-Site Scripting (XSS) in CVE-2026-38949 (CVE-2026-38949)
cross-site scripting in CVE-2026-38949 (CVE-2026-38949). Confidential information can be exposed externally.
CVE-2026-38936 Cross-Site Scripting (XSS) in CVE-2026-38936 (CVE-2026-38936)
cross-site scripting in CVE-2026-38936 (CVE-2026-38936). Risk of unauthorized operations or information disclosure.
CVE-2026-38935 Cross-Site Scripting (XSS) in CVE-2026-38935 (CVE-2026-38935)
cross-site scripting in CVE-2026-38935 (CVE-2026-38935). Risk of unauthorized operations or information disclosure.
CVE-2026-6999 Cross-Site Scripting (XSS) in CVE-2026-6999 (CVE-2026-6999)
cross-site scripting in CVE-2026-6999 (CVE-2026-6999). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →