CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21495

21495 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4108 | Stored XSS Vulnerability — ManageEngine Exchange Reporter Plus | 7.3 | High | 2026-04-03 |
| CVE-2026-4107 | Stored XSS Vulnerability — ManageEngine Exchange Reporter Plus | 7.3 | High | 2026-04-03 |
| CVE-2026-3880 | Stored XSS Vulnerability — ManageEngine Exchange Reporter Plus | 7.3 | High | 2026-04-03 |
| CVE-2026-3879 | Stored XSS Vulnerability — ManageEngine Exchange Reporter Plus | 7.3 | High | 2026-04-03 |
| CVE-2026-28703 | Stored XSS Vulnerability — ManageEngine Exchange Reporter Plus | 7.3 | High | 2026-04-03 |
| CVE-2026-28756 | Stored XSS Vulnerability — ManageEngine Exchange Reporter Plus | 7.3 | High | 2026-04-03 |
| CVE-2026-28754 | Stored XSS Vulnerability — ManageEngine Exchange Reporter Plus | 7.3 | High | 2026-04-03 |
| CVE-2026-35539 | Roundcube Webmail Cross-Site Scripting Vulnerability — Webmail | 6.1 | Medium | 2026-04-03 |
| CVE-2026-35508 | shynet Cross-Site Scripting Vulnerability — Shynet | 5.4 | Medium | 2026-04-03 |
| CVE-2026-35466 | Stored XSS via unsanitized input from remote service — cveClient/cveInterface.js | 6.1 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-34848 | hoppscotch: Stored XSS in team member overflow tooltip via display name — hoppscotch | 5.4 | Medium | 2026-04-02 |
| CVE-2026-34932 | hoppscotch: Stored XSS via mock server responses on backend origin — hoppscotch | 8.1 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-5429 | Kiro IDE Webview Cross-Site Scripting via Workspace Color Theme — Kiro IDE | 7.8 | High | 2026-04-02 |
| CVE-2026-34606 | Stored XSS in Frappe LMS — lms | 5.4 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-34598 | YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter" — yeswiki | 6.1 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-5370 | krayin laravel-crm Activities Module/Notes inbox.spec.ts composeMail cross site scripting — laravel-crm | 3.5 | Low | 2026-04-02 |
| CVE-2026-34974 | phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding leads to Stored XSS and Privilege Escalation — phpMyFAQ | 5.4 | Medium | 2026-04-02 |
| CVE-2026-34729 | phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes() — phpMyFAQ | 6.1 | Medium | 2026-04-02 |
| CVE-2026-34823 | Endian Firewall /manage/password/web/ remark Stored Cross-Site Scripting — Endian Firewall | 6.4 | Medium | 2026-04-02 |
| CVE-2026-34822 | Endian Firewall /manage/ca/certificate/ new_cert_name Stored Cross-Site Scripting — Endian Firewall | 6.4 | Medium | 2026-04-02 |
| CVE-2026-34821 | Endian Firewall /manage/vpnauthentication/user/ remark Stored Cross-Site Scripting — Endian Firewall | 6.4 | Medium | 2026-04-02 |
| CVE-2026-34820 | Endian Firewall /manage/ipsec/ remark Stored Cross-Site Scripting — Endian Firewall | 6.4 | Medium | 2026-04-02 |
| CVE-2026-34819 | Endian Firewall /cgi-bin/openvpnclient.cgi REMARK Stored Cross-Site Scripting — Endian Firewall | 6.4 | Medium | 2026-04-02 |
| CVE-2026-34818 | Endian Firewall /manage/dnsmasq/localdomains/ remark Stored Cross-Site Scripting — Endian Firewall | 6.4 | Medium | 2026-04-02 |
| CVE-2026-34817 | Endian Firewall /cgi-bin/smtprouting.cgi ADDRESS BCC Stored Cross-Site Scripting — Endian Firewall | 6.4 | Medium | 2026-04-02 |
| CVE-2026-34816 | Endian Firewall /manage/smtpscan/domainrouting/ domain Stored Cross-Site Scripting — Endian Firewall | 6.4 | Medium | 2026-04-02 |
| CVE-2026-34815 | Endian Firewall /cgi-bin/smtpdomains.cgi DOMAIN Stored Cross-Site Scripting — Endian Firewall | 6.4 | Medium | 2026-04-02 |
| CVE-2026-34814 | Endian Firewall /cgi-bin/proxygroup.cgi group Stored Cross-Site Scripting — Endian Firewall | 6.4 | Medium | 2026-04-02 |
| CVE-2026-34812 | Endian Firewall /cgi-bin/proxypolicy.cgi mimetypes Stored Cross-Site Scripting — Endian Firewall | 6.4 | Medium | 2026-04-02 |
| CVE-2026-34813 | Endian Firewall /cgi-bin/proxyuser.cgi user Stored Cross-Site Scripting — Endian Firewall | 6.4 | Medium | 2026-04-02 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21495 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.