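Lists CVEs associated with vulnerabilities classified as XSS. Entries are sorted with the most recently published first, and filtering by CVSS / EPSS is also supported.
This view helps security teams keep track of recent vulnerability disclosures and trends, and quickly identify high-risk issues and the likelihood of exploitation.
CVEs classified as XSS are shown regardless of publication year.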
| CVE | Description | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-12425 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting (XSS). This issue affects Employee Access Center: 23.10. It is possible to add in javascript code after the login URL and have it be eval()'d in the page and execute in the context of the user. | 5.7 | 0.26% | 2026-06-16 | 2026-06-16 |
| CVE-2026-53841 | OpenClaw before 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserves unsafe javascript: and data: links in generated content. Attackers can execute browser-side scripts if a trusted operator opens the exported file and activates a malicious link. | 2.1 | 0.19% | 2026-06-16 | 2026-06-16 |
| CVE-2024-30476 | PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, leading to script execution in the client browser. | 5.4 | 0.20% | 2026-06-16 | 2026-06-16 |
| CVE-2026-54198 | Unauthenticated Cross Site Scripting (XSS) in Media Library Assistant <= 3.35 versions. | 7.1 | 0.15% | 2026-06-16 | 2026-06-16 |
| CVE-2026-54191 | Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions. | 7.1 | 0.15% | 2026-06-16 | 2026-06-16 |
| CVE-2026-39437 | Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions. | 7.1 | 0.14% | 2026-06-16 | 2026-06-16 |
| CVE-2026-10093 | The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldr_ttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | 0.24% | 2026-06-16 | 2026-06-16 |
| CVE-2026-48157 | Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.15, if an application uses HttpException::setTitle() and/or setDescription() to include untrusted/request-derived data in the error title or description (e.g. "No products found matching '{$query}'."), an attacker could inject arbitrary HTML/JavaScript that executes in the victim's browser when they encounter an HTML error page generated by Slim. The vulnerability is present ev | 6.1 | 0.26% | 2026-06-15 | 2026-06-16 |
| CVE-2026-52702 | Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions. | 7.1 | 0.15% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49773 | Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions. | 6.5 | 0.17% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49055 | Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions. | 7.1 | 0.18% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48966 | Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions. | 7.1 | 0.18% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48885 | Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions. | 7.1 | 0.18% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48880 | Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions. | 6.5 | 0.21% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48876 | Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions. | 7.1 | 0.18% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48871 | Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions. | 7.1 | 0.24% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48870 | Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions. | 6.5 | 0.21% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48867 | Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions. | 7.1 | 0.18% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48838 | Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions. | 7.1 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-45437 | Unauthenticated Cross Site Scripting (XSS) in Product Filter Widget for Elementor <= 1.0.6 versions. | 7.1 | 0.18% | 2026-06-15 | 2026-06-15 |