
CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21498

21498 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34605 | SiYuan: Reflected XSS via SVG namespace prefix bypass in SanitizeSVG (getDynamicIcon, unauthenticated) — siyuan | 6.1 | - | 2026-03-31 |
| CVE-2026-34585 | SiYuan: Stored XSS in imported .sy.zip content leads to arbitrary command execution — siyuan | 8.6 | High | 2026-03-31 |
| CVE-2026-34448 | SiYuan: Stored XSS in Attribute View gallery/kanban cover rendering allows arbitrary command execution in the desktop client — siyuan | 9.1 | Critical | 2026-03-31 |
| CVE-2026-34405 | Nuxt OG Image vulnerable to reflected XSS via query parameter injection into HTML attributes — og-image | 6.1 | Medium | 2026-03-31 |
| CVE-2026-34739 | AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php — AVideo | 6.1 | Medium | 2026-03-31 |
| CVE-2026-34716 | AVideo: DOM XSS via Unsanitized Display Name in WebSocket Call Notification — AVideo | 6.4 | Medium | 2026-03-31 |
| CVE-2026-34396 | AVideo: Stored XSS via Unescaped Plugin Configuration Values in Admin Panel — AVideo | 6.1 | Medium | 2026-03-31 |
| CVE-2026-3468 | SonicWALL Email Security cross-site scripting vulnerability — Email Security | 4.8 (AI) | Medium (AI) | 2026-03-31 |
| CVE-2026-34206 | Captcha Protect: Reflected XSS in challenge page via unsanitized destination rendered with text/template — captcha-protect | 6.1 | Medium | 2026-03-31 |
| CVE-2026-5209 | SourceCodester Leave Application System User Management cross site scripting — Leave Application System | 2.4 | Low | 2026-03-31 |
| CVE-2025-62184 | Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. — Pega Infinity | 4.8 (AI) | Medium (AI) | 2026-03-31 |
| CVE-2026-32607 | Discourse: Stored XSS via unescaped assignee name — discourse | 5.4 | - | 2026-03-31 |
| CVE-2026-32273 | Discourse: XSS on category description update via API — discourse | 5.4 | Medium | 2026-03-31 |
| CVE-2026-32243 | Discourse: Stored XSS in discourse-ai shared conversations onebox — discourse | 5.4 | - | 2026-03-31 |
| CVE-2026-34231 | Slippers: Cross-Site Scripting (XSS) in `attrs` Template Tag — slippers | 6.1 | Medium | 2026-03-31 |
| CVE-2026-20915 | Stored cross-site scripting in Pending Changes sidebar — Checkmk | 5.4 (AI) | Medium (AI) | 2026-03-31 |
| CVE-2026-33276 | XSS in Unified Search via Unescaped Host/Service Names — Checkmk | 5.4 (AI) | Medium (AI) | 2026-03-31 |
| CVE-2026-4267 | Query Monitor <= 3.20.3 - Reflected Cross-Site Scripting via Request URI — Query Monitor | 7.2 | High | 2026-03-31 |
| CVE-2026-34887 | WordPress Kubio AI Page Builder plugin <= 2.7.0 - Cross Site Scripting (XSS) vulnerability — Kubio AI Page Builder | 6.5 | Medium | 2026-03-31 |
| CVE-2026-3107 | Multiple vulnerabilities in Teampass — Teampass | 5.4 (AI) | Medium (AI) | 2026-03-31 |
| CVE-2025-41357 | Reflected Cross-Site Scripting on Anon Proxy Server — Anon Proxy Server | 6.1 (AI) | Medium (AI) | 2026-03-31 |
| CVE-2025-41356 | Reflected Cross-Site Scripting in Anon Proxy Server — Anon Proxy Server | 6.1 (AI) | Medium (AI) | 2026-03-31 |
| CVE-2026-3106 | Multiple vulnerabilities in Teampass — Teampass | 6.1 (AI) | Medium (AI) | 2026-03-31 |
| CVE-2025-41355 | Reflected Cross-Site Scripting on Anon Proxy Server — Anon Proxy Server | 6.1 (AI) | Medium (AI) | 2026-03-31 |
| CVE-2025-10553 | Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x — DELMIA Factory Resource Manager | 8.7 | High | 2026-03-31 |
| CVE-2025-10551 | Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x — ENOVIA Collaborative Industry Innovator | 8.7 | High | 2026-03-31 |
| CVE-2026-1877 | Auto Post Scheduler <= 1.84 - Cross-Site Request Forgery to Stored Cross-Site Scripting via aps_options_page — Auto Post Scheduler | 6.1 | Medium | 2026-03-31 |
| CVE-2026-4146 | Loco Translate <= 2.8.2 - Reflected Cross-Site Scripting via 'update_href' Parameter — Loco Translate | 6.1 | Medium | 2026-03-31 |
| CVE-2026-32734 | baserCMS: Multiple vulnerabilities in baserCMS — basercms | 7.1 | High | 2026-03-31 |
| CVE-2026-30879 | baserCMS: Cross-site scripting vulnerability in blog post — basercms | 6.1 (AI) | Medium (AI) | 2026-03-31 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21498 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.