Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21498

21498 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-34814 Endian Firewall /cgi-bin/proxygroup.cgi group Stored Cross-Site Scripting — Endian Firewall 6.4 Medium2026-04-02
CVE-2026-34812 Endian Firewall /cgi-bin/proxypolicy.cgi mimetypes Stored Cross-Site Scripting — Endian Firewall 6.4 Medium2026-04-02
CVE-2026-34813 Endian Firewall /cgi-bin/proxyuser.cgi user Stored Cross-Site Scripting — Endian Firewall 6.4 Medium2026-04-02
CVE-2026-34811 Endian Firewall /cgi-bin/xtaccess.cgi remark Stored Cross-Site Scripting — Endian Firewall 6.4 Medium2026-04-02
CVE-2026-34810 Endian Firewall /cgi-bin/vpnfw.cgi remark Stored Cross-Site Scripting — Endian Firewall 6.4 Medium2026-04-02
CVE-2026-34809 Endian Firewall /cgi-bin/zonefw.cgi remark Stored Cross-Site Scripting — Endian Firewall 6.4 Medium2026-04-02
CVE-2026-34808 Endian Firewall /cgi-bin/outgoingfw.cgi remark Stored Cross-Site Scripting — Endian Firewall 6.4 Medium2026-04-02
CVE-2026-34807 Endian Firewall /cgi-bin/incoming.cgi remark Stored Cross-Site Scripting — Endian Firewall 6.4 Medium2026-04-02
CVE-2026-34806 Endian Firewall /cgi-bin/snat.cgi remark Stored Cross-Site Scripting — Endian Firewall 6.4 Medium2026-04-02
CVE-2026-34805 Endian Firewall /cgi-bin/dnat.cgi remark Stored Cross-Site Scripting — Endian Firewall 6.4 Medium2026-04-02
CVE-2026-34804 Endian Firewall /manage/qos/rules/ dscp Stored Cross-Site Scripting — Endian Firewall 6.4 Medium2026-04-02
CVE-2026-34803 Endian Firewall /manage/qos/classes/ name Stored Cross-Site Scripting — Endian Firewall 6.4 Medium2026-04-02
CVE-2026-34801 Endian Firewall /manage/dhcp/fixed_leases/ remark Stored Cross-Site Scripting — Endian Firewall 6.4 Medium2026-04-02
CVE-2026-34802 Endian Firewall /cgi-bin/salearn.cgi remark user ham spam Stored Cross-Site Scripting — Endian Firewall 6.4 Medium2026-04-02
CVE-2026-34800 Endian Firewall /cgi-bin/uplinkeditor.cgi NAME Stored Cross-Site Scripting — Endian Firewall 6.4 Medium2026-04-02
CVE-2026-34799 Endian Firewall /manage/dnsmasq/hosts/ remark Stored Cross-Site Scripting — Endian Firewall 6.4 Medium2026-04-02
CVE-2026-34798 Endian Firewall /cgi-bin/routing.cgi remark Stored Cross-Site Scripting — Endian Firewall 6.4 Medium2026-04-02
CVE-2026-2737 Possibility of unintended actions when an administrator clicks a malicious link in the Progress Flowmon web application — Flowmon 8.3AIHighAI2026-04-02
CVE-2026-5332 Xiaopi Panel WAF Firewall demo.php cross site scripting — Panel 3.5 Low2026-04-02
CVE-2026-34890 WordPress MSTW League Manager plugin <= 2.10 - Cross Site Scripting (XSS) vulnerability — MSTW League Manager 6.5 Medium2026-04-02
CVE-2026-29136 CA Notification HTML Injection — Secure Email Gateway 5.4AIMediumAI2026-04-02
CVE-2026-5325 SourceCodester Simple Customer Relationship Management System Create Ticket create-ticket.php cross site scripting — Simple Customer Relationship Management System 3.5 Low2026-04-02
CVE-2026-5319 itsourcecode Payroll Management System navbar.php cross site scripting — Payroll Management System 4.3 Medium2026-04-02
CVE-2026-34571 CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise — ci4ms 10.0 Critical2026-04-01
CVE-2026-34569 CI4MS: Blogs Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms 10.0 Critical2026-04-01
CVE-2026-34568 CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms 9.1 Critical2026-04-01
CVE-2026-34567 CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms 9.1 Critical2026-04-01
CVE-2026-34566 CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms 9.1 Critical2026-04-01
CVE-2026-34565 CI4MS: Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms 9.1 Critical2026-04-01
CVE-2026-34564 CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms 9.1 Critical2026-04-01

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21498 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.