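CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21498

21498 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.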

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4794 | Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF — PaperCut NG/MF | 4.8 (AI) | Medium (AI) | 2026-03-31 |
| CVE-2026-5157 | code-projects Online Food Ordering System Order order.php cross site scripting — Online Food Ordering System | 4.3 | Medium | 2026-03-30 |
| CVE-2026-34558 | CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms | 9.1 | Critical | 2026-03-30 |
| CVE-2026-34557 | CI4MS: Permissions Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms | 9.1 | Critical | 2026-03-30 |
| CVE-2026-27599 | CI4MS: System Settings (Mail Settings) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms | 4.7 | Medium | 2026-03-30 |
| CVE-2026-32275 | Tautulli: Unsanitized JSONP callback parameter allows cross-origin script injection and API key theft — Tautulli | 7.6 | - | 2026-03-30 |
| CVE-2026-27508 | Smoothwall Express < 3.1 Update 13 Reflected XSS in redirect.cgi via url Parameter — Express | 5.4 | Medium | 2026-03-30 |
| CVE-2026-26352 | Smoothwall Express < 3.1 Update 13 Stored XSS in vpnmain.cgi via VPN_IP Parameter — Express | 5.4 | Medium | 2026-03-30 |
| CVE-2026-5106 | code-projects Exam Form Submission update_fst.php cross site scripting — Exam Form Submission | 2.4 | Low | 2026-03-30 |
| CVE-2026-2602 | Twentig <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'featuredImageSizeWidth' — Twentig Supercharged Block Editor – Blocks, Patterns, Starter Sites, Portfolio | 6.4 | Medium | 2026-03-29 |
| CVE-2026-5015 | elecV2 elecV2P Endpoint logs cross site scripting — elecV2P | 4.3 | Medium | 2026-03-28 |
| CVE-2026-2595 | Quads Ads Manager for Google AdSense <= 2.0.98.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Ad Metadata Parameters — Quads Ads Manager for Google AdSense | 5.4 | Medium | 2026-03-28 |
| CVE-2026-4995 | wandb OpenUI Window Message Event index.html cross site scripting — OpenUI | 3.5 | Low | 2026-03-28 |
| CVE-2026-4992 | wandb OpenUI HTMLAnnotator server.py get_share HTML injection — OpenUI | 4.3 | Medium | 2026-03-27 |
| CVE-2026-4991 | QDOCS Smart School Management System Admission Enquiry enquiry cross site scripting — Smart School Management System | 3.5 | Low | 2026-03-27 |
| CVE-2026-33955 | Notesnook vulnerable to RCE via stored XSS in Note History diff viewer — Notesnook Web/Desktop | 8.6 | High | 2026-03-27 |
| CVE-2026-33976 | Notesnook vulnerable to RCE via stored XSS in Web Clipper rendering — Notesnook Web/Desktop | 9.7 | Critical | 2026-03-27 |
| CVE-2026-33941 | Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options — handlebars.js | 8.3 | High | 2026-03-27 |
| CVE-2026-33916 | Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection — handlebars.js | 4.7 | Medium | 2026-03-27 |
| CVE-2026-33883 | Statamic has Reflected XSS via unescaped redirect parameter in its password reset form tag — cms | 6.1 | Medium | 2026-03-27 |
| CVE-2026-4973 | SourceCodester Online Quiz System add-question.php cross site scripting — Online Quiz System | 3.5 | Low | 2026-03-27 |
| CVE-2026-33739 | FOG has Stored XSS in Multiple Management Pages — fogproject | 5.7 | Medium | 2026-03-27 |
| CVE-2026-33045 | Home Assistant has stored XSS in history-graphs — core | 6.1 | - | 2026-03-27 |
| CVE-2026-33044 | Home Assistant has stored XSS in Map-card through malicious device name — core | 5.4 | - | 2026-03-27 |
| CVE-2026-4972 | code-projects Online Reviewer System btn_functions.php cross site scripting — Online Reviewer System | 2.4 | Low | 2026-03-27 |
| CVE-2026-4969 | code-projects Social Networking Site Alert home.php cross site scripting — Social Networking Site | 3.5 | Low | 2026-03-27 |
| CVE-2026-34375 | AVideo Vulnerable to Reflected XSS via Unsanitized plugin Parameter in YPTWallet Stripe Payment Page — AVideo | 8.2 | High | 2026-03-27 |
| CVE-2026-5026 | Langflow - Stored XSS via Malicious SVG Upload — langflow | 5.4 | - | 2026-03-27 |
| CVE-2026-5010 | Reflected Cross-Site Scripting (XSS) in Sanoma’s Clickedu — Clickedu | 6.1 | - | 2026-03-27 |
| CVE-2026-32859 | ByteDance DeerFlow Stored XSS via Inline Artifact Rendering — DeerFlow | 5.4 | Medium | 2026-03-27 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) account for 21498 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.