Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-79 Clear
ID Title
CVE-2026-22339 Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.
Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.
CVE-2026-22329 Unauthenticated Cross Site Scripting (XSS) in Skillate <= 1.2.10 versions.
Unauthenticated Cross Site Scripting (XSS) in Skillate <= 1.2.10 versions.
CVE-2026-22328 Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 22.6 versions.
Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 22.6 versions.
CVE-2026-12459 Cross-Site Scripting (XSS) in google (CVE-2026-12459)
cross-site scripting in google (CVE-2026-12459). Risk of unauthorized operations or information disclosure.
CVE-2026-12463 Cross-Site Scripting (XSS) in google (CVE-2026-12463)
cross-site scripting in google (CVE-2026-12463). Risk of unauthorized operations or information disclosure.
CVE-2026-11975 Cross-Site Scripting (XSS) in CVE-2026-11975 (CVE-2026-11975)
cross-site scripting in CVE-2026-11975 (CVE-2026-11975). Risk of unauthorized operations or information disclosure.
CVE-2025-69151 Unauthenticated Cross Site Scripting (XSS) in Grand Car Rental <= 3.7 versions.
Unauthenticated Cross Site Scripting (XSS) in Grand Car Rental <= 3.7 versions.
CVE-2025-69104 Unauthenticated Cross Site Scripting (XSS) in Qreatix <= 1.9.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Qreatix <= 1.9.4 versions.
CVE-2025-59560 Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 versions.
CVE-2025-31013 Cross-Site Scripting (XSS) in CVE-2025-31013 (CVE-2025-31013)
cross-site scripting in CVE-2025-31013 (CVE-2025-31013). Risk of unauthorized operations or information disclosure.
CVE-2024-49269 Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions.
Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions.
CVE-2026-48294 Cross-Site Scripting (XSS) in adobe (CVE-2026-48294)
cross-site scripting in adobe (CVE-2026-48294). Confidential information can be exposed externally.
CVE-2026-46955 Cross-Site Scripting (XSS) in c (CVE-2026-46955)
cross-site scripting in c (CVE-2026-46955). Successful exploitation can lead to full system takeover.
CVE-2026-46856 Cross-Site Scripting (XSS) in c (CVE-2026-46856)
cross-site scripting in c (CVE-2026-46856). Successful exploitation can lead to full system takeover.
CVE-2026-46853 Cross-Site Scripting (XSS) in c (CVE-2026-46853)
cross-site scripting in c (CVE-2026-46853). Successful exploitation can lead to full system takeover.
CVE-2026-28737 Cross-Site Scripting (XSS) in code.gitea.io/gitea (CVE-2026-28737)
cross-site scripting in code.gitea.io/gitea (CVE-2026-28737). Confidential information can be exposed externally. Exploitable via ``innerHTML``. Mitigation: upgrade to `1.26.0` or later.
CVE-2026-54013 Cross-Site Scripting (XSS) in open-webui (CVE-2026-54013)
cross-site scripting in open-webui (CVE-2026-54013). Confidential information can be exposed externally. Exploitable via `GET /api/v1/models/model/profile/image`. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-54011 Cross-Site Scripting (XSS) in open-webui (CVE-2026-54011)
cross-site scripting in open-webui (CVE-2026-54011). Confidential information can be exposed externally. Exploitable via ``innerHTML``. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-53929 Cross-Site Scripting (XSS) in nocodb (CVE-2026-53929)
cross-site scripting in nocodb (CVE-2026-53929). Risk of unauthorized operations or information disclosure. Exploitable via ``ResponseContentDisposition``.
CVE-2026-48788 Cross-Site Scripting (XSS) in github.com/umputun/remark42 (CVE-2026-48788)
cross-site scripting in github.com/umputun/remark42 (CVE-2026-48788). Confidential information can be exposed externally. Exploitable via ``http.DetectContentType``. Mitigation: upgrade to `1.16.0` or later.
CVE-2026-54326 Cross-Site Scripting (XSS) in @mariozechner/pi-coding-agent (CVE-2026-54326)
cross-site scripting in @mariozechner/pi-coding-agent (CVE-2026-54326). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.78.1` or later.
CVE-2026-54302 Cross-Site Scripting (XSS) in n8n (CVE-2026-54302)
cross-site scripting in n8n (CVE-2026-54302). Risk of unauthorized operations or information disclosure. Exploitable via ``webhookId``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54303 Cross-Site Scripting (XSS) in n8n (CVE-2026-54303)
cross-site scripting in n8n (CVE-2026-54303). Risk of unauthorized operations or information disclosure. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.24.0` or later.
CVE-2026-12425 Cross-Site Scripting (XSS) in powerschool (CVE-2026-12425)
cross-site scripting in powerschool (CVE-2026-12425). Risk of unauthorized operations or information disclosure.
CVE-2026-50133 Cross-Site Scripting (XSS) in github.com/gohugoio/hugo (CVE-2026-50133)
cross-site scripting in github.com/gohugoio/hugo (CVE-2026-50133). Risk of unauthorized operations or information disclosure. Exploitable via ``security.allowContent``. Mitigation: upgrade to `0.162.0` or later.
CVE-2026-54301 Cross-Site Scripting (XSS) in n8n (CVE-2026-54301)
cross-site scripting in n8n (CVE-2026-54301). Risk of unauthorized operations or information disclosure. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
CVE-2024-30476 Cross-Site Scripting (XSS) in CVE-2024-30476 (CVE-2024-30476)
cross-site scripting in CVE-2024-30476 (CVE-2024-30476). Risk of unauthorized operations or information disclosure.
CVE-2026-54298 Cross-Site Scripting (XSS) in astro (CVE-2026-54298)
cross-site scripting in astro (CVE-2026-54298). Risk of unauthorized operations or information disclosure. Exploitable via ``spreadAttributes``. Mitigation: upgrade to `6.4.6` or later.
CVE-2026-54198 Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.
Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.
CVE-2026-54191 Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.
CVE-2026-39437 Cross-Site Scripting (XSS) in CVE-2026-39437 (CVE-2026-39437)
cross-site scripting in CVE-2026-39437 (CVE-2026-39437). Risk of unauthorized operations or information disclosure.
CVE-2026-10093 Cross-Site Scripting (XSS) in wordpress (CVE-2026-10093)
cross-site scripting in wordpress (CVE-2026-10093). Risk of unauthorized operations or information disclosure.
CVE-2026-48157 Cross-Site Scripting (XSS) in slim/slim (CVE-2026-48157)
cross-site scripting in slim/slim (CVE-2026-48157). Risk of unauthorized operations or information disclosure. Exploitable via ``HttpNotFoundException``. Mitigation: upgrade to `4.15.2` or later.
CVE-2026-49773 Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.
Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.
CVE-2026-52702 Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
CVE-2026-48966 Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.
CVE-2026-49055 Cross-Site Scripting (XSS) in CVE-2026-49055 (CVE-2026-49055)
cross-site scripting in CVE-2026-49055 (CVE-2026-49055). Risk of unauthorized operations or information disclosure.
CVE-2026-48885 Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.
Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.
CVE-2026-48871 Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.
Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.
CVE-2026-48880 Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions.
Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions.
CVE-2026-48838 Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.
CVE-2026-48876 Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.
CVE-2026-48867 Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.
CVE-2026-48870 Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions.
Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions.
CVE-2026-42686 Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.
Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.
CVE-2026-42656 Subscriber Cross Site Scripting (XSS) in Contest Gallery <= 28.1.6 versions.
Subscriber Cross Site Scripting (XSS) in Contest Gallery <= 28.1.6 versions.
CVE-2026-42658 Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.
CVE-2026-42650 Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 versions.
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 versions.
CVE-2026-42663 Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions.
CVE-2026-42775 Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →