CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21489

21489 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-41239 | DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode — DOMPurify | 6.8 | Medium | 2026-04-23 |
| CVE-2026-41238 | DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback — DOMPurify | 6.9 | Medium | 2026-04-23 |
| CVE-2025-62110 | WordPress Rescue Shortcodes plugin <= 3.3 - Cross Site Scripting (XSS) vulnerability — Rescue Shortcodes | 6.5 | Medium | 2026-04-23 |
| CVE-2026-28040 | WordPress Taxi Booking Manager for WooCommerce plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability — Taxi Booking Manager for WooCommerce | 6.5 | Medium | 2026-04-23 |
| CVE-2026-3361 | WP Store Locator <= 2.2.261 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsl_address' Post Meta — WP Store Locator | 6.4 | Medium | 2026-04-23 |
| CVE-2026-2951 | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutentor Block HTML — Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor | 5.4 | Medium | 2026-04-23 |
| CVE-2026-1923 | Social Rocket – Social Sharing Plugin <= 1.3.4.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via id — Social Rocket – Social Sharing Plugin | 6.4 | Medium | 2026-04-23 |
| CVE-2026-41200 | STIG Manager has reflected XSS vulnerability in the Web App — stig-manager | 6.1 (AI) | Medium (AI) | 2026-04-23 |
| CVE-2026-4918 | IBM Guardium Data Protection is affected by multiple vulnerabilities — Guardium Data Protection | 5.5 | Medium | 2026-04-22 |
| CVE-2026-4919 | IBM Guardium Data Protection is affected by multiple vulnerabilities — Guardium Data Protection | 4.8 | Medium | 2026-04-22 |
| CVE-2026-3837 | Frappe Framework 16.10.0 - Stored DOM XSS in Multiple Field Formatters — Frappe | 5.4 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-3673 | Frappe Framework 16.10.0 - Stored DOM XSS in Tag Pill Renderer — Frappe | 5.4 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-5262 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | 8.0 | High | 2026-04-22 |
| CVE-2024-58344 | Carbon Forum 5.9.0 Persistent XSS via Forum Name Field — Carbon Forum | 6.4 | Medium | 2026-04-22 |
| CVE-2018-25269 | ICEWARP 11.0.0.0 Cross-Site Scripting via Email HTML Injection — ICEWARP Client | 6.1 | Medium | 2026-04-22 |
| CVE-2026-1913 | Gallagher Website Design <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'prefix' Shortcode Attribute — Gallagher Website Design | 6.4 | Medium | 2026-04-22 |
| CVE-2026-1395 | Gutentools <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Slider Block Attributes — Gutentools | 6.4 | Medium | 2026-04-22 |
| CVE-2026-4353 | CI HUB Connector <= 1.2.106 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute — CI HUB Connector | 6.4 | Medium | 2026-04-22 |
| CVE-2026-6236 | Posts map <= 0.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute — Posts map | 6.4 | Medium | 2026-04-22 |
| CVE-2026-2719 | Private WP suite <= 0.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Exceptions' Setting — Private WP suite | 4.4 | Medium | 2026-04-22 |
| CVE-2026-5748 | Text Snippets <= 0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'w' Shortcode Attribute — Text Snippets | 6.4 | Medium | 2026-04-22 |
| CVE-2026-6246 | Simple Random Posts Shortcode <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'container_right_width' Shortcode Attribute — Simple Random Posts Shortcode | 6.4 | Medium | 2026-04-22 |
| CVE-2026-4074 | Quran Live Multilanguage <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Quran Live Multilanguage | 6.4 | Medium | 2026-04-22 |
| CVE-2026-4085 | Easy Social Photos Gallery <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wrapper_class' Shortcode Attribute — Easy Social Photos Gallery – MIF | 6.4 | Medium | 2026-04-22 |
| CVE-2026-4142 | Sentence To SEO (keywords, description and tags) <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Permanent keywords' Field — Sentence To SEO (keywords, description and tags) | 4.4 | Medium | 2026-04-22 |
| CVE-2026-4125 | WPMK Block <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — WPMK Block | 6.4 | Medium | 2026-04-22 |
| CVE-2026-3362 | Short Comment Filter <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Minimum Count' Setting — Short Comment Filter | 4.4 | Medium | 2026-04-22 |
| CVE-2026-4089 | Twittee Text Tweet <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute — Twittee Text Tweet | 6.4 | Medium | 2026-04-22 |
| CVE-2026-5767 | SlideShowPro SC <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'album' Shortcode Attribute — SlideShowPro SC | 6.4 | Medium | 2026-04-22 |
| CVE-2026-4076 | Slider Bootstrap Carousel <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Slider Bootstrap Carousel | 6.4 | Medium | 2026-04-22 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21489 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.