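CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21489

21489 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.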

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-7027 | D-Link DSL-2740R Wireless Setup Section cross site scripting — DSL-2740R | 2.4 | Low | 2026-04-26 |
| CVE-2026-7026 | D-Link DGS-3420 System Information Settings cross site scripting — DGS-3420 | 4.5 | Medium | 2026-04-26 |
| CVE-2026-7016 | MaxSite CMS ushki Plugin cross site scripting — CMS | 2.4 | Low | 2026-04-26 |
| CVE-2026-7015 | MaxSite CMS Guestbook Plugin cross site scripting — CMS | 2.4 | Low | 2026-04-26 |
| CVE-2026-7014 | MaxSite CMS down_count Plugin cross site scripting — CMS | 2.4 | Low | 2026-04-26 |
| CVE-2026-7013 | MaxSite CMS mail_send Plugin cross site scripting — CMS | 2.4 | Low | 2026-04-26 |
| CVE-2026-7012 | MaxSite CMS Redirect Plugin cross site scripting — CMS | 2.4 | Low | 2026-04-26 |
| CVE-2026-7011 | MaxSite CMS Antispam Plugin plugin_antispam cross site scripting — CMS | 2.4 | Low | 2026-04-26 |
| CVE-2026-7001 | Datacom DM4100 Ethernet Configuration cross site scripting — DM4100 | 2.4 | Low | 2026-04-25 |
| CVE-2026-7000 | Datacom DM4100 VLAN Page cross site scripting — DM4100 | 2.4 | Low | 2026-04-25 |
| CVE-2026-6999 | BIVOCOM TR321 Wireless Setting cross site scripting — TR321 | 2.4 | Low | 2026-04-25 |
| CVE-2026-6998 | BDCOM P3310D New RMON Statistics cross site scripting — P3310D | 2.4 | Low | 2026-04-25 |
| CVE-2026-6997 | BDCOM P3310D New RMON History cross site scripting — P3310D | 2.4 | Low | 2026-04-25 |
| CVE-2026-6996 | BDCOM P3310D rmon event Tab cross site scripting — P3310D | 2.4 | Low | 2026-04-25 |
| CVE-2026-6995 | BDCOM P3310D New User index.asp cross site scripting — P3310D | 2.4 | Low | 2026-04-25 |
| CVE-2026-6990 | projeto-siga novo cross site scripting — siga | 3.5 | Low | 2026-04-25 |
| CVE-2026-41472 | CyberPanel < 2.4.4 Stored XSS via AI Scanner Dashboard — cyberpanel | 6.1 (AI) | Medium (AI) | 2026-04-24 |
| CVE-2026-41426 | pretalx: Email injection via unescaped user-controlled placeholders in pretalx mail templates — pretalx | 6.1 | Medium | 2026-04-24 |
| CVE-2026-41067 | Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass — astro | 6.1 | Medium | 2026-04-24 |
| CVE-2026-4313 | Stored XSS in AdaptiveGRC — AdaptiveGRC | 5.4 (AI) | Medium (AI) | 2026-04-24 |
| CVE-2026-41043 | Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues — Apache ActiveMQ | 5.4 (AI) | Medium (AI) | 2026-04-24 |
| CVE-2026-4078 | ITERAS <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — ITERAS | 6.4 | Medium | 2026-04-24 |
| CVE-2026-5428 | Royal Addons for Elementor <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting via Image Caption Field — Royal Addons for Elementor – Addons and Templates Kit for Elementor | 6.4 | Medium | 2026-04-24 |
| CVE-2026-41318 | AnythingLLM vulnerable to stored DOM XSS in chart caption renderer - LLM-driven prompt injection produces executable HTML via unsanitized renderMarkdown(content.caption) in Chartable component — anything-llm | 5.4 | Medium | 2026-04-24 |
| CVE-2026-41430 | Press vulnerable to reflected XSS on login redirection — press | 6.1 (AI) | Medium (AI) | 2026-04-24 |
| CVE-2026-41305 | PostCSS has XSS via Unescaped `</style>` in its CSS Stringify Output — postcss | 6.1 | Medium | 2026-04-24 |
| CVE-2026-31953 | Xibo CMS has Stored XSS via Notification Body with Zero-Click Execution on Login — xibo-cms | 6.4 | Medium | 2026-04-24 |
| CVE-2026-41241 | pretalx: Stored cross-site scripting in organiser search typeahead — pretalx | 8.7 | High | 2026-04-23 |
| CVE-2026-40472 | Hackage package metadata stored XSS vulnerability | 9.9 | Critical | 2026-04-23 |
| CVE-2026-40470 | Hackage package and doc upload stored XSS vulnerability | 9.9 | Critical | 2026-04-23 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21489 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.