🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
Documentation
Get a demo
Home
/
Web Application Vulnerabilities
/ XSS
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
XSS
This page lists
3367 vulnerabilities
in this category.
Vulnerability Name
CVE
CWE
Severity
Joomla! Core Cross-Site Scripting (1.7.0 - 3.9.5)
CVE-2019-11809
CWE-79
High
Joomla! Core Cross-Site Scripting (1.0.0 - 3.9.2)
CVE-2019-7742
CWE-79
High
Joomla! Core Multiple Cross-Site Scripting Vulnerabilities (2.5.0 - 3.9.1)
CVE-2019-6264
CWE-79
High
Joomla! Core 3.9.x Cross-Site Scripting (3.9.0 - 3.9.20)
CVE-2020-24599
CWE-79
High
Joomla! Core 3.9.x Cross-Site Scripting (3.9.0 - 3.9.14)
CVE-2020-8421
CWE-79
High
Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.9.19)
CVE-2020-15696
CWE-79
High
Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.9.18)
CVE-2020-13761
CWE-79
High
Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.9.15)
CVE-2020-10242
CWE-79
High
Joomla! Core 3.9.x Cross-Site Scripting (3.9.0 - 3.9.23)
CVE-2021-23124
CWE-79
High
Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.9.27)
CVE-2021-26039
CWE-79
High
Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.9.26)
CVE-2021-26032
CWE-79
High
WordPress Comment Post Cross-Site Scripting Vulnerability (2.0)
CVE-2006-0733
CWE-79
High
Joomla! Core 3.x.x Cross-Site Scripting (3.1.0 - 3.9.23)
CVE-2021-23125
CWE-79
High
Joomla! Core Cross-Site Scripting (2.5.0 - 3.9.24)
CVE-2021-23129
CWE-79
High
Joomla! Core 3.x.x Cross-Site Scripting (3.7.0 - 3.10.6)
CVE-2022-23796
CWE-79
High
Joomla! Core 4.x.x Cross-Site Scripting (4.0.0 - 4.2.4)
CVE-2022-27914
CWE-79
High
WordPress Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.2.1 - 1.2.2)
-
CWE-89
High
WordPress Multiple Cross-Site Scripting Vulnerabilities (1.2 - 1.2.1)
-
CWE-79
High
WordPress 'edit.php' Cross-Site Scripting Vulnerability (1.5)
-
CWE-79
High
WordPress 'post.php' Cross-Site Scripting Vulnerability (1.5)
-
CWE-79
High
WordPress 2.0.5 Cross-Site Scripting Vulnerability (0.6.2 - 2.0.5)
CVE-2006-6808
CWE-79
High
WordPress 2.0.5 Invalid CSRF Token Cross-Site Scripting Vulnerability (0.6.2 - 2.0.5)
CVE-2007-0106
CWE-79
High
Drupal Core 9.1.x Cross-Site Scripting (9.1.0 - 9.1.13)
-
CWE-79
High
Drupal Core 8.9.x Cross-Site Scripting (8.9.0 - 8.9.17)
-
CWE-79
High
WordPress 4.0.x Cross-Site Scripting Vulnerability (4.0 - 4.0.8)
CVE-2016-1564
CWE-79
High
WordPress Theme OneTone: Unauthenticated Stored Cross-Site Scripting (XSS)
CVE-2019-17231
CWE-79
High
Kayako Fusion v4.51.1891 - multiple web vulnerabilities
-
CWE-79
High
IBM Lotus Domino web server Cross-Site Scripting vulnerabilities
CVE-2012-3302
CWE-79
High
MediaWiki multiple remote vulnerabilities
CVE-2012-4378
CWE-79
High
Vulnerabilities in SharePoint could allow elevation of privilege
CVE-2012-1859
CWE-79
High
Typo3 core sanitizeLocalUrl() non-persistent cross-site scripting
CVE-2015-5956
CWE-79
High
Cross-site Scripting via File Upload
-
CWE-79
High
Web Server Cache Poisoning (CMS Made Simple) v2.x
CVE-2016-2784
CWE-20
High
WordPress Plugin WPML Unauthenticated Stored XSS
CVE-2018-18069
CWE-80
High
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
CVE-2018-15440
CWE-80
High
Cross site scripting (XSS) in ASP.NET via ResolveUrl
-
CWE-79
High
WebLogic Server Side Request Forgery
CVE-2014-4242
CWE-918
High
Ghost CMS Theme Preview XSS (CVE-2021-29484)
CVE-2021-29484
CWE-79
High
Client Side Template Injection
-
CWE-116
High
Reflected Cross-Site Scripting (XSS) vulnerability in PAN-OS management web interface
CVE-2020-2036
CWE-79
High
Swagger UI DOM XSS vulnerability
-
CWE-80
High
Citrix Gateway Open Redirect and XSS
CVE-2023-24487
CWE-79
High
SAML Consumer Service XSS vulnerability
-
CWE-80
High
Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.7)
CVE-2006-1226
CWE-79
High
Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.1)
CVE-2005-0682
CWE-79
High
Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.5)
CVE-2005-3973
CWE-79
High
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.5)
CVE-2006-1226
CWE-79
High
CKEditor 4.0.1 cross-site scripting vulnerability
-
CWE-79
High
Microsoft SharePoint XSS spoofing vulnerability
CVE-2015-2522
CWE-80
High
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.10)
CVE-2007-0136
CWE-79
High
Blind XSS
-
CWE-80
High
Cross-site Scripting via Remote File Inclusion
-
CWE-79
High
Cross-site Scripting
-
CWE-79
High
Cross site scripting via Bootstrap
-
CWE-79
High
Cross site scripting in HTTP-01 ACME challenge implementation
-
CWE-79
High
Edge Side Include injection
-
CWE-918
High
User controllable script source
-
CWE-79
High
ColdFusion User-Agent cross-site scripting
CVE-2007-0817
CWE-79
High
Adobe Flex 3 DOM-based XSS vulnerability
CVE-2008-2640
CWE-79
High
AngularJS client-side template injection
-
CWE-79
High
File upload XSS (Java applet)
-
CWE-79
High
CodeIgniter 2.1.3 xss_clean() filter bypass
CVE-2013-4891
CWE-80
High
Railo administration panel cross-site scripting
-
CWE-80
High
DotNetNuke multiple vulnerabilities
CVE-2012-1030
CWE-79
High
FCKeditor spellchecker.php cross site scripting vulnerability
CVE-2012-4000
CWE-79
High
Cross-site scripting vulnerability in Google Web Toolkit
CVE-2012-4563
CWE-80
High
Cross-site scripting vulnerability in Google Web Toolkit (CVE-2012-5920)
CVE-2012-5920
CWE-80
High
Multiple XSS vulnerabilities in Google Web Toolkit
CVE-2013-4204
CWE-80
High
Genericons DOM-based XSS vulnerability
-
CWE-80
High
JIRA Security Advisory 2012-08-28
-
CWE-79
High
Joomla! component Kunena Forum multiple vulnerabilities
CVE-2014-9103
CWE-89
High
MediaWiki SVG cross-site scripting vulnerability
-
CWE-79
High
Parallels Plesk SSO XML External Entity and Cross-site scripting
-
CWE-611
High
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.8)
CVE-2006-4002
CWE-79
High
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.7)
CVE-2006-2833
CWE-79
High
«
1
...
29
30
31
...
45
»
