
type:xss — 48678 CVE vulnerabilities tagged

48678 CVE security advisories tagged "type:xss" with AI Chinese analysis, CVSS, references and POCs.

The tag "type:xss" identifies Cross-Site Scripting, a critical web security vulnerability in which attackers inject malicious scripts into trusted websites. It occurs when an application fails to properly validate or sanitize user input and then emits it into a page without output encoding, allowing attacker-controlled client-side code to execute within a victim's browser session. The significance of XSS lies in its ability to bypass the same-origin policy, enabling attackers to steal sensitive data such as session cookies, credentials, or personal information, and to perform actions on behalf of the user. Typical scenarios include reflected XSS, where the payload is delivered in a crafted link sent via email or surfaced in search results, and stored XSS, where scripts are persisted on the target server, for example in comment sections or forums. With over 48,000 associated CVEs, this widespread flaw remains a primary vector for web-based attacks, underscoring the necessity of robust input validation and context-aware output encoding in modern software development to protect user integrity and data confidentiality.

CVE ID | Title | Product | CWE | CVSS | Severity | Published
CVE-2026-7613 | Cost of Goods by PixelYourSite <= 1.2.12 - Unauthenticated Stored Cross-Site Scripting via Cost of Goods Import | Cost of Goods by PixelYourSite | CWE-79 | 7.2 | High | 2026-05-20
CVE-2026-4293 | Kieback & Peter DDC Building Controllers Cross-site Scripting | DDC4002 | CWE-79 | 5.3 | Medium | 2026-05-20
CVE-2026-5783 | Reflected XSS in Beyaz Computer's CityPLus | CityPLus | CWE-79 | 7.6 | High | 2026-05-20
CVE-2026-24573 | WordPress Visualizer plugin < 4.0.0 - Cross Site Scripting (XSS) vulnerability | Visualizer | CWE-79 | 6.5 | Medium | 2026-05-20
CVE-2025-31985 | HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure "X-Content-Type-Options" header | BigFix Service Management (SM) | CWE-200 | 3.7 | Low | 2026-05-20
CVE-2026-6405 | Anomify AI <= 0.3.6 - Cross-Site Request Forgery | Anomify AI – Anomaly Detection and Alerting | CWE-352 | 4.3 | Medium | 2026-05-20
CVE-2026-5776 | Email Encoder < 2.4.7 - Unauthenticated Stored XSS | Email Encoder | | | | 2026-05-20
CVE-2026-2955 | AI Chatbot & Workflow Automation by AIWU <= 1.4.14 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' Header | AI Chatbot & Workflow Automation by AIWU | CWE-79 | 6.4 | Medium | 2026-05-20
CVE-2026-9056 | Security fix for Qlik Talend Administration Center cross-site scripting vulnerability | Talend Administration Center | | 5.4 | Medium | 2026-05-20
CVE-2025-15369 | Xpro Addons — 140+ Widgets for Elementor <= 1.5.0 - Missing Authorization to Unauthenticated Xpro Template Creation | Xpro Addons — 140+ Widgets for Elementor | CWE-862 | 5.3 | Medium | 2026-05-20
CVE-2026-7460 | mailcow-dockerized 2026-03b - Stored XSS in Queue Manager via unescaped | mailcow-dockerized | CWE-79 | | | 2026-05-20
CVE-2026-6549 | Logo Manager For Enamad <= 0.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute | Logo Manager For Enamad | CWE-79 | 6.4 | Medium | 2026-05-20
CVE-2026-8038 | Faces of Users <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'default' Shortcode Attribute | Faces of Users | CWE-79 | 6.4 | Medium | 2026-05-20
CVE-2026-6395 | Word 2 Cash <= 0.9.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page | Word 2 Cash | CWE-352 | 6.1 | Medium | 2026-05-20
CVE-2026-6399 | General Options <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ad_contact_number' Parameter | General Options | CWE-79 | 4.4 | Medium | 2026-05-20
CVE-2026-8419 | Amazon Scraper <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update | Amazon Scraper | CWE-352 | 4.3 | Medium | 2026-05-20
CVE-2026-5293 | 診断ジェネレータ作成プラグイン <= 1.4.16 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'js' Parameter | 診断ジェネレータ作成プラグイン | CWE-79 | 6.4 | Medium | 2026-05-20
CVE-2026-6391 | Sentence To SEO (keywords, description and tags) <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page Parameters | Sentence To SEO (keywords, description and tags) | CWE-352 | 6.1 | Medium | 2026-05-20
CVE-2026-8420 | BLOGCHAT Chat System <= 1.3.6.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update | BLOGCHAT Chat System | CWE-352 | 6.1 | Medium | 2026-05-20
CVE-2026-7462 | VatanSMS WP SMS <= 1.01 - Reflected Cross-Site Scripting via 'page' Parameter | VatanSMS WP SMS | CWE-79 | 6.1 | Medium | 2026-05-20
CVE-2026-8626 | SponsorMe <= 0.5.2 - Reflected Cross-Site Scripting via PHP_SELF Parameter | SponsorMe | CWE-79 | 6.1 | Medium | 2026-05-20
CVE-2026-8627 | Correct Prices <= 1.0 - Reflected Cross-Site Scripting via PHP_SELF Parameter | Correct Prices | CWE-79 | 6.1 | Medium | 2026-05-20
CVE-2026-6404 | Anomify AI <= 0.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'anomify_api_key' Parameter | Anomify AI – Anomaly Detection and Alerting | CWE-79 | 4.4 | Medium | 2026-05-20
CVE-2026-6397 | Sticky <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'readmoretext' Shortcode Attribute | Sticky | CWE-79 | 6.4 | Medium | 2026-05-20
CVE-2026-8624 | LJ comments import: reloaded <= 0.97.1 - Reflected Cross-Site Scripting via PHP_SELF Parameter | LJ comments import: reloaded | CWE-79 | 6.1 | Medium | 2026-05-20
CVE-2026-44924 | InfoScale VIOM 9.1.3 cross-site scripting vulnerability | n/a | | | | 2026-05-20
CVE-2026-8493 | Colorbox Inline - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-036 | Colorbox Inline | CWE-79 | | | 2026-05-19
CVE-2026-6871 | Obfuscate - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-033 | Obfuscate | CWE-79 | | | 2026-05-19
CVE-2026-6367 | Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003 | Drupal core | CWE-79 | | | 2026-05-19
CVE-2026-6365 | Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001 | Drupal core | CWE-79 | | | 2026-05-19

Vulnerabilities classified as type:xss represent 48678 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.