CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Cross-site scripting vulnerabilities

XSS123 advisories33 exploitedlatest 2026-07-10

Cross-site scripting executes attacker-controlled JavaScript in another user’s browser session. Stored XSS in admin interfaces is the dangerous variant tracked here: it turns a low-privilege foothold into admin session theft, and several appliance XSS bugs have been chained into full compromise in real attacks.

Classification is assigned by the CSIRTS enrichment pipeline from the advisory text. The list below shows the latest advisories tagged cross-site scripting, newest first, across national CERTs, vendor PSIRTs and vulnerability databases — exploited marks CVEs in the CISA KEV catalog.

Latest cross-site scripting advisories

Other vulnerability classes

Remote code execution (1013)Privilege escalation (493)Authentication bypass (372)Denial of service (611)Information disclosure (425)Memory corruption (269)Path traversal (102)Code injection (93)Unsafe deserialization (49)SQL injection (51)Server-side request forgery (38)