
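CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21499

21499 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.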

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-40842 | Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability — Indoor Connect 8855 | 5.4 | - | 2026-03-25 |
| CVE-2026-2072 | Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer — Hitachi Infrastructure Analytics Advisor | 8.2 | High | 2026-03-25 |
| CVE-2026-4766 | Easy Image Gallery <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Shortcode Post Meta — Easy Image Gallery | 6.4 | Medium | 2026-03-25 |
| CVE-2026-33347 | league/commonmark has an embed extension allowed_domains bypass — commonmark | 9.1 | - | 2026-03-24 |
| CVE-2026-33331 | oRPC: Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify — orpc | 8.2 | High | 2026-03-24 |
| CVE-2026-33400 | Wallos: Stored cross-site scripting (XSS) vulnerability in the payment method rename endpoint — Wallos | 5.4 | Medium | 2026-03-24 |
| CVE-2026-33311 | @dicebear/core and @dicebear/initials Vulnerable to SVG Injection via Unsanitized Options — dicebear | 4.7 | Medium | 2026-03-24 |
| CVE-2026-4754 | CWE-79 in MolotovCherry Android-ImageMagick7 — Android-ImageMagick7 | 6.1 | Medium | 2026-03-24 |
| CVE-2026-4626 | projectworlds Lawyer Management System lawyer_booking.php cross site scripting — Lawyer Management System | 3.5 | Low | 2026-03-24 |
| CVE-2026-4616 | bolo-blog Article Title article cross site scripting — bolo-blog | 2.4 | Low | 2026-03-24 |
| CVE-2026-33170 | Rails Active Support has a possible XSS vulnerability in SafeBuffer#% — activesupport | 8.6 | - | 2026-03-23 |
| CVE-2026-33168 | Rails has a possible XSS vulnerability in its Action View tag helpers — actionview | 6.1 | - | 2026-03-23 |
| CVE-2026-33167 | Rails has a possible XSS vulnerability in its Action Pack debug exceptions — actionpack | 6.1 | - | 2026-03-23 |
| CVE-2026-32277 | Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View — connect-cms | 8.7 | High | 2026-03-23 |
| CVE-2025-60948 | Census CSWeb stored XSS — CSWeb | 4.6 | Medium | 2026-03-23 |
| CVE-2026-4596 | projectworlds Lawyer Management System lawyers.php cross site scripting — Lawyer Management System | 3.5 | Low | 2026-03-23 |
| CVE-2026-33548 | MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline — mantisbt | 5.4 | - | 2026-03-23 |
| CVE-2026-33517 | MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation — mantisbt | 5.4 | - | 2026-03-23 |
| CVE-2026-32852 | MailEnable < 10.55 Reflected XSS via FreeBusy.aspx StartDate Parameter — MailEnable | 6.1 | - | 2026-03-23 |
| CVE-2026-32851 | MailEnable < 10.55 Reflected XSS via FreeBusy.aspx Attendees Parameter — MailEnable | 6.1 | - | 2026-03-23 |
| CVE-2026-32850 | MailEnable < 10.55 Reflected XSS via ManageShares.aspx SelectedIndex Parameter — MailEnable | 6.1 | - | 2026-03-23 |
| CVE-2026-33683 | AVideo vulnerable to Stored XSS via html_entity_decode() Reversing xss_esc() Sanitization in Channel About Field — AVideo | 5.4 | Medium | 2026-03-23 |
| CVE-2026-4595 | code-projects Exam Form Submission update_s6.php cross site scripting — Exam Form Submission | 2.4 | Low | 2026-03-23 |
| CVE-2026-33500 | AVideo Vulnerable to Stored XSS via Markdown `javascript:` URI Bypasses ParsedownSafeWithLinks Sanitization — AVideo | 5.4 | Medium | 2026-03-23 |
| CVE-2026-33499 | AVideo has Reflected XSS via unlockPassword Parameter in forbiddenPage.php and warningPage.php — AVideo | 6.1 | Medium | 2026-03-23 |
| CVE-2026-4578 | code-projects Exam Form Submission update_s3.php cross site scripting — Exam Form Submission | 2.4 | Low | 2026-03-23 |
| CVE-2025-6229 | Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Fancy Text Widget` And `Countdown Widget` — Sina Extension for Elementor | 6.4 | Medium | 2026-03-23 |
| CVE-2026-4577 | code-projects Exam Form Submission update_s4.php cross site scripting — Exam Form Submission | 2.4 | Low | 2026-03-23 |
| CVE-2026-4576 | code-projects Exam Form Submission update_s5.php cross site scripting — Exam Form Submission | 2.4 | Low | 2026-03-23 |
| CVE-2026-4575 | code-projects Exam Form Submission update_s2.php cross site scripting — Exam Form Submission | 2.4 | Low | 2026-03-23 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21499 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.