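CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21498

21498 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.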

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4389 | DSGVO snippet for Leaflet Map and its Extensions <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'unset' Attribute — DSGVO snippet for Leaflet Map and its Extensions | 6.4 | Medium | 2026-03-26 |
| CVE-2026-4329 | Blackhole for Bad Bots <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header — Blackhole for Bad Bots | 7.2 | High | 2026-03-26 |
| CVE-2026-4278 | Simple Download Counter <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute — Simple Download Counter | 6.4 | Medium | 2026-03-26 |
| CVE-2026-1986 | FloristPress for Woo <= 7.8.2 - Reflected Cross-Site Scripting via 'noresults' Parameter — FloristPress for Woo – Customize your eCommerce store for your Florist | 6.1 | Medium | 2026-03-26 |
| CVE-2026-4075 | BWL Advanced FAQ Manager Lite <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sbox_id' Shortcode Attribute — BWL Advanced FAQ Manager Lite | 6.4 | Medium | 2026-03-26 |
| CVE-2026-4335 | ShortPixel Image Optimizer <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title — ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF | 5.4 | Medium | 2026-03-26 |
| CVE-2026-4835 | code-projects Accounting System Web Application add_costumer.php cross site scripting — Accounting System | 3.5 | Low | 2026-03-26 |
| CVE-2026-33933 | Reflected XSS via Unescaped contextName Parameter in Custom Template Editor — openemr | 6.1 | Medium | 2026-03-25 |
| CVE-2026-33932 | OpenEMR has Stored XSS in CCDA Preview via Unsanitized linkHtml Attributes — openemr | 7.6 | High | 2026-03-25 |
| CVE-2026-33912 | OpenEMR has reflected XSS in ajax_download.php via reportID parameter — openemr | 5.4 | Medium | 2026-03-25 |
| CVE-2026-33911 | OpenEMR vulnerable to reflected XSS in graphs.php via title parameter — openemr | 5.4 | Medium | 2026-03-25 |
| CVE-2026-33348 | OpenEMR has Stored XSS in patient encounter Eye Exam form $CHRONIC2 and $CHRONIC3 — openemr | 8.7 | High | 2026-03-25 |
| CVE-2026-2483 | IBM InfoSphere Information Server Cross-Site Scripting — InfoSphere Information Server | 5.4 | Medium | 2026-03-25 |
| CVE-2026-2485 | IBM InfoSphere Information Server Cross-Site Scripting — InfoSphere Information Server | 4.8 | Medium | 2026-03-25 |
| CVE-2026-33749 | n8n Vulnerable to XSS via Binary Data Inline HTML Rendering — n8n | 4.6 | - | 2026-03-25 |
| CVE-2026-1001 | Domoticz < 2026.1 Stored XSS via Hardware Configuration Endpoint — Domoticz | 4.8 | - | 2026-03-25 |
| CVE-2026-2973 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | 5.4 | Medium | 2026-03-25 |
| CVE-2026-32542 | WordPress Fusion Builder plugin < 3.15.0 - Reflected Cross Site Scripting (XSS) vulnerability — Fusion Builder | 6.1 | - | 2026-03-25 |
| CVE-2026-32545 | WordPress Taboola Pixel plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability — Taboola Pixel | 6.1 | - | 2026-03-25 |
| CVE-2026-32544 | WordPress OOPSpam Anti-Spam plugin <= 1.2.62 - Cross Site Scripting (XSS) vulnerability — OOPSpam Anti-Spam | 5.4 | - | 2026-03-25 |
| CVE-2026-32540 | WordPress Bookly plugin <= 26.7 - Reflected Cross Site Scripting (XSS) vulnerability — Bookly | 6.1 | - | 2026-03-25 |
| CVE-2026-32532 | WordPress Contact Form & Lead Form Elementor Builder plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability — Contact Form & Lead Form Elementor Builder | 6.1 | - | 2026-03-25 |
| CVE-2026-32529 | WordPress Molla theme < 1.5.19 - Reflected Cross Site Scripting (XSS) vulnerability — Molla | 6.1 | - | 2026-03-25 |
| CVE-2026-32528 | WordPress Riode \| Multi-Purpose WooCommerce theme < 1.6.29 - Reflected Cross Site Scripting (XSS) vulnerability — Riode | 6.1 | - | 2026-03-25 |
| CVE-2026-32526 | WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability — Abandoned Cart Recovery for WooCommerce | 5.4 | - | 2026-03-25 |
| CVE-2026-32517 | WordPress Contact Manager plugin <= 9.1 - Reflected Cross Site Scripting (XSS) vulnerability — Contact Manager | 6.1 | - | 2026-03-25 |
| CVE-2026-32521 | WordPress WP Custom Admin Interface plugin <= 7.42 - Cross Site Scripting (XSS) vulnerability — WP Custom Admin Interface | 6.1 | - | 2026-03-25 |
| CVE-2026-32518 | WordPress Gaea theme < 3.8 - Reflected Cross Site Scripting (XSS) vulnerability — Gaea | 6.1 | - | 2026-03-25 |
| CVE-2026-32494 | WordPress Image Slider by Ays plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability — Image Slider by Ays | 6.1 | - | 2026-03-25 |
| CVE-2026-32491 | WordPress WP Review Slider plugin <= 13.9 - Cross Site Scripting (XSS) vulnerability — WP Review Slider | 5.4 | - | 2026-03-25 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21498 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.