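CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21498

21498 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.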

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34563 | CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS — ci4ms | 9.1 | Critical | 2026-04-01 |
| CVE-2026-34562 | CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms | 4.7 | Medium | 2026-04-01 |
| CVE-2026-34561 | CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms | 4.7 | Medium | 2026-04-01 |
| CVE-2026-34560 | CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms | 9.1 | Critical | 2026-04-01 |
| CVE-2026-34559 | CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms | 9.1 | Critical | 2026-04-01 |
| CVE-2026-34530 | File Browser is vulnerable to Stored Cross-Site Scripting via text/template branding injection — filebrowser | 6.9 | Medium | 2026-04-01 |
| CVE-2026-34529 | File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file — filebrowser | 7.6 | High | 2026-04-01 |
| CVE-2026-4364 | Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access — Verify Identity Access Container | 5.4 | Medium | 2026-04-01 |
| CVE-2026-34748 | @payloadcms/next has Stored XSS in Admin Panel — payload | 8.7 | High | 2026-04-01 |
| CVE-2026-20090 | Cisco Integrated Management Controller Cross-Site Scripting Vulnerability — Cisco Enterprise NFV Infrastructure Software | 4.8 | Medium | 2026-04-01 |
| CVE-2026-20089 | Cisco Integrated Management Controller Cross-Site Scripting Vulnerability — Cisco Enterprise NFV Infrastructure Software | 4.8 | Medium | 2026-04-01 |
| CVE-2026-20087 | Cisco Integrated Management Controller Cross-Site Scripting Vulnerability — Cisco Enterprise NFV Infrastructure Software | 4.8 | Medium | 2026-04-01 |
| CVE-2026-20088 | Cisco Integrated Management Controller Cross-Site Scripting Vulnerability — Cisco Enterprise NFV Infrastructure Software | 4.8 | Medium | 2026-04-01 |
| CVE-2026-20085 | Cisco Integrated Management Controller Cross-Site Scripting Vulnerability — Cisco Enterprise NFV Infrastructure Software | 6.1 | Medium | 2026-04-01 |
| CVE-2026-33978 | Notesnook: Stored XSS in mobile share editor via unescaped web clip title metadata — notesnook | 5.4 | Medium | 2026-04-01 |
| CVE-2025-13535 | King Addons for Elementor <= 51.1.38 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Widgets — King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder | 6.4 | Medium | 2026-04-01 |
| CVE-2026-3877 | Reflected Cross-Site Scripting in Dashboard Search — VertiGIS FM | 6.1 (AI) | Medium (AI) | 2026-04-01 |
| CVE-2026-21631 | Joomla! Core - [20260303] - XSS vector in com_associations comparison view — Joomla! CMS | 6.1 (AI) | Medium (AI) | 2026-04-01 |
| CVE-2026-21632 | Joomla! Core - [20260304] - XSS vectors in various article title outputs — Joomla! CMS | 5.4 (AI) | Medium (AI) | 2026-04-01 |
| CVE-2026-34889 | WordPress Ultimate Addons for WPBakery Page Builder plugin < 3.21.4 - Cross Site Scripting (XSS) vulnerability — Ultimate Addons for WPBakery Page Builder | 6.5 | Medium | 2026-04-01 |
| CVE-2026-5255 | code-projects Simple Laundry System Parameter delstaffinfo.php cross site scripting — Simple Laundry System | 4.3 | Medium | 2026-04-01 |
| CVE-2026-5254 | welovemedia FFmate Webhook AppJsonTreeView.vue cross site scripting — FFmate | 3.5 | Low | 2026-04-01 |
| CVE-2026-5253 | bufanyun HotGo editNotice Endpoint MessageList.vue cross site scripting — HotGo | 3.5 | Low | 2026-04-01 |
| CVE-2026-5252 | z-9527 admin Message Create Endpoint message.js cross site scripting — admin | 3.5 | Low | 2026-04-01 |
| CVE-2026-5249 | gougucms Record Endpoint record.html cross site scripting — gougucms | 3.5 | Low | 2026-04-01 |
| CVE-2026-35057 | XenForo Stored Cross-Site Scripting via Structured Text Mentions — XenForo | 6.4 | Medium | 2026-04-01 |
| CVE-2026-35055 | XenForo Cross-Site Scripting via Lightbox in Posts — XenForo | 6.1 | Medium | 2026-04-01 |
| CVE-2026-35054 | XenForo Stored Cross-Site Scripting via BB Code Rendering — XenForo | 6.4 | Medium | 2026-04-01 |
| CVE-2026-5240 | code-projects BloodBank Managing System admin_state.php cross site scripting — BloodBank Managing System | 4.3 | Medium | 2026-03-31 |
| CVE-2026-2480 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'max_width' Shortcode Attribute — WP Shortcodes Plugin — Shortcodes Ultimate | 6.4 | Medium | 2026-03-31 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21498 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.