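CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21498

21498 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.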

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25100 | Stored XSS via SVG File Upload in Bludit — Bludit | 5.4 | - | 2026-03-27 |
| CVE-2026-3457 | Stored XSS vulnerability in Sentinel ACC — Sentinel LDK Runtime | 5.4 | - | 2026-03-27 |
| CVE-2026-33559 | WordPress plugin OpenStreetMap cross-site scripting vulnerability — OpenStreetMap | 5.4 | - | 2026-03-27 |
| CVE-2026-4909 | code-projects Exam Form Submission update_s7.php cross site scripting — Exam Form Submission | 2.4 | Low | 2026-03-27 |
| CVE-2026-4899 | code-projects Online Food Ordering System food.php cross site scripting — Online Food Ordering System | 2.4 | Low | 2026-03-26 |
| CVE-2026-33673 | PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables — PrestaShop | 7.7 | High | 2026-03-26 |
| CVE-2026-33664 | Kestra Vulnerable to Stored Cross-Site Scripting via Flow YAML Fields — kestra | 7.3 | High | 2026-03-26 |
| CVE-2026-4898 | code-projects Online Food Ordering System contact.php cross site scripting — Online Food Ordering System | 4.3 | Medium | 2026-03-26 |
| CVE-2026-33653 | Uploady Vulnerable to Stored Cross-Site Scripting (XSS) — Uploady | 4.6 | Medium | 2026-03-26 |
| CVE-2026-33742 | Invoice Ninja has Stored XSS via Markdown HTML Injection in Product Notes — invoiceninja | 5.4 | Medium | 2026-03-26 |
| CVE-2026-33628 | Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items — invoiceninja | 5.4 | Medium | 2026-03-26 |
| CVE-2026-33738 | Lychee Vulnerable to Stored XSS via Photo Description in RSS/Atom/JSON Feed (No Sanitization on Public Endpoint) — Lychee | 6.1 | - | 2026-03-26 |
| CVE-2026-3529 | Google Analytics GA4 - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-024 — Google Analytics GA4 | 6.1 AI | Medium AI | 2026-03-26 |
| CVE-2026-3528 | Calculation Fields - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-023 — Calculation Fields | 6.1 AI | Medium AI | 2026-03-26 |
| CVE-2026-33525 | Authelia: Improper Neutralization of Input During Web Page Generation Leads to Potential Cross-site Scripting — authelia | 6.1 | - | 2026-03-26 |
| CVE-2026-34071 | Stirling-PDF has Stored Cross Site Scripting (XSS) via EML-to-HTML Export — Stirling-PDF | 5.4 | Medium | 2026-03-26 |
| CVE-2026-33402 | SAK-52311: Sakai site-manage group titles can contain XSS content — sakai | 5.4 | - | 2026-03-26 |
| CVE-2026-28298 | SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability — SolarWinds Observability Self-Hosted | 5.9 | Medium | 2026-03-26 |
| CVE-2026-28297 | SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability — SolarWinds Observability Self-Hosted | 6.1 | Medium | 2026-03-26 |
| CVE-2026-2389 | Complianz – GDPR/CCPA Cookie Consent <= 7.4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Filter — Complianz – GDPR/CCPA Cookie Consent | 4.9 | Medium | 2026-03-26 |
| CVE-2026-2231 | Fluent Booking <= 2.0.01 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters — Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution | 7.2 | High | 2026-03-26 |
| CVE-2026-4877 | itsourcecode Payroll Management System index.php cross site scripting — Payroll Management System | 4.3 | Medium | 2026-03-26 |
| CVE-2025-41027 | Multiple vulnerabilities in GDTaller — GDTaller | 6.1 | - | 2026-03-26 |
| CVE-2025-41026 | Multiple vulnerabilities in GDTaller — GDTaller | 6.1 | - | 2026-03-26 |
| CVE-2018-25210 | WebOfisi E-Ticaret 4.0 SQL Injection via urun Parameter — Ticaret V4 | 8.2 | High | 2026-03-26 |
| CVE-2026-4849 | code-projects Simple Laundry System Parameter modify.php cross site scripting — Simple Laundry System | 4.3 | Medium | 2026-03-26 |
| CVE-2026-4848 | dameng100 muucmf list.html cross site scripting — muucmf | 4.3 | Medium | 2026-03-26 |
| CVE-2026-4847 | dameng100 muucmf list.html cross site scripting — muucmf | 4.3 | Medium | 2026-03-26 |
| CVE-2026-4846 | dameng100 muucmf autoReply.html cross site scripting — muucmf | 4.3 | Medium | 2026-03-26 |
| CVE-2026-4845 | dameng100 muucmf index.html cross site scripting — muucmf | 4.3 | Medium | 2026-03-26 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) account for 21498 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.