CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21496

21496 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-5630 | assafelovic gpt-researcher Report API app.py cross site scripting — gpt-researcher | 4.3 | Medium | 2026-04-06 |
| CVE-2026-5625 | assafelovic gpt-researcher WebSocket researcher.py cross site scripting — gpt-researcher | 4.3 | Medium | 2026-04-06 |
| CVE-2026-5615 | givanz Vvvebjs File Upload Endpoint upload.php cross site scripting — Vvvebjs | 4.3 | Medium | 2026-04-06 |
| CVE-2019-25676 | Ask Expert Script 3.0.5 Cross Site Scripting SQL Injection — Ask Expert Script | 8.2 | High | 2026-04-05 |
| CVE-2026-5568 | Akaunting Invoice/Billing cross site scripting — Akaunting | 3.5 | Low | 2026-04-05 |
| CVE-2026-5542 | code-projects Simple Laundry System Parameter modstaffinfo.php cross site scripting — Simple Laundry System | 4.3 | Medium | 2026-04-05 |
| CVE-2026-5541 | code-projects Simple Laundry System Parameter modmemberinfo.php cross site scripting — Simple Laundry System | 4.3 | Medium | 2026-04-05 |
| CVE-2026-5539 | code-projects Simple Laundry System Parameter modifymember.php cross site scripting — Simple Laundry System | 4.3 | Medium | 2026-04-05 |
| CVE-2026-5533 | badlogic pi-mono SVG Artifact SvgArtifact.ts cross site scripting — pi-mono | 4.3 | Medium | 2026-04-05 |
| CVE-2016-20054 | Nodcms Cross Site Request Forgery via admin endpoints — nodCMS | 4.3 | Medium | 2026-04-04 |
| CVE-2018-25250 | MyBB Last User's Threads in Profile Plugin 1.2 Persistent XSS — MyBB Last User's Threads in Profile Plugin | 7.2 | High | 2026-04-04 |
| CVE-2018-25249 | MyBB My Arcade Plugin 1.3 Persistent XSS via Comment — MyBB My Arcade Plugin | 6.4 | Medium | 2026-04-04 |
| CVE-2018-25248 | MyBB Downloads Plugin 2.0.3 Persistent XSS via downloads.php — MyBB Downloads Plugin | 7.2 | High | 2026-04-04 |
| CVE-2018-25247 | MyBB Like Plugin 3.0.0 Cross-Site Scripting via User Profiles — MyBB Like Plugin | 6.1 | Medium | 2026-04-04 |
| CVE-2026-2936 | Visitor Traffic Real Time Statistics <= 8.4 - Unauthenticated Stored Cross-Site Scripting — Visitor Traffic Real Time Statistics | 7.2 | High | 2026-04-04 |
| CVE-2026-0626 | WPFunnels <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpf_optin_form' Shortcode — WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell | 6.4 | Medium | 2026-04-04 |
| CVE-2026-2437 | WP Travel Engine - Travel and Tour Booking Plugin <= 6.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wte_trip_tax Shortcode — WP Travel Engine – Tour Booking Plugin – Tour Operator Software | 6.4 | Medium | 2026-04-04 |
| CVE-2026-5425 | Widgets for Social Photo Feed <= 1.7.9 - Unauthenticated Stored Cross-Site Scripting via feed_data — Widgets for Social Photo Feed | 7.2 | High | 2026-04-04 |
| CVE-2025-13368 | Xpro Addons — 140+ Widgets for Elementor <= 1.4.20 - Authenticated (Contributor+) Stored Cross-Site Scripting — Xpro Addons — 140+ Widgets for Elementor | 6.4 | Medium | 2026-04-04 |
| CVE-2026-0737 | Shortcodes Ultimate <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'su_lightbox' Shortcode — WP Shortcodes Plugin — Shortcodes Ultimate | 6.4 | Medium | 2026-04-04 |
| CVE-2026-0552 | Simple Shopping Cart <= 5.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsc_display_product' Shortcode — Simple Shopping Cart | 6.4 | Medium | 2026-04-04 |
| CVE-2026-0738 | Shortcodes Ultimate <= 7.4.8 - authenticated (Contributor+) Stored Cross-Site Scripting via 'su_carousel' Shortcode — WP Shortcodes Plugin — Shortcodes Ultimate | 6.4 | Medium | 2026-04-04 |
| CVE-2026-0664 | Royal Elementor Addons <= 1.7.1049 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass — Royal Addons for Elementor – Addons and Templates Kit for Elementor | 6.4 | Medium | 2026-04-04 |
| CVE-2026-2600 | ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget — ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor | 6.4 | Medium | 2026-04-04 |
| CVE-2025-15064 | Ultimate Member <= 2.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via DOM Gadgets — Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | 6.4 | Medium | 2026-04-04 |
| CVE-2026-2949 | Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Box Widget — Xpro Addons — 140+ Widgets for Elementor | 6.4 | Medium | 2026-04-04 |
| CVE-2026-2924 | Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'imageLoad' — Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem | 6.4 | Medium | 2026-04-04 |
| CVE-2026-34229 | Emlog: Stored XSS in Comment Module via URI Scheme Validation Bypass — emlog | 6.1 | Medium | 2026-04-03 |
| CVE-2026-35218 | Budibase: Stored XSS via unsanitized entity names rendered with {@html} in Builder Command Palette — budibase | 8.7 | High | 2026-04-03 |
| CVE-2026-5468 | Casdoor dangerouslySetInnerHTML cross site scripting — Casdoor | 3.5 | Low | 2026-04-03 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21496 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.