
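CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21499

21499 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.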

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-4557 | code-projects Exam Form Submission update_s1.php cross site scripting — Exam Form Submission | 4.3 | Medium | 2026-03-22 |
| CVE-2026-33295 | AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php — AVideo | 5.4 | - | 2026-03-22 |
| CVE-2026-4544 | Wavlink WL-WN578W2 POST Request login.cgi cross site scripting — WL-WN578W2 | 2.4 | Low | 2026-03-22 |
| CVE-2026-3427 | Yoast SEO <= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonText' Block Attribute — Yoast SEO – Advanced SEO with real-time guidance and built-in AI | 6.4 | Medium | 2026-03-22 |
| CVE-2025-71276 | SOGo cross-site scripting vulnerability — SOGo | 6.4 | Medium | 2026-03-22 |
| CVE-2026-4510 | PbootCMS Parameter MemberController.php alert_location cross site scripting — PbootCMS | 4.3 | Medium | 2026-03-21 |
| CVE-2026-4022 | Show Posts list <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Show Posts list – Easy designs, filters and more | 6.4 | Medium | 2026-03-21 |
| CVE-2026-1914 | FuseDesk <= 6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'emailtext' Shortcode Attribute — FuseDesk | 6.4 | Medium | 2026-03-21 |
| CVE-2026-2501 | Ed's Social Share <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Ed's Social Share | 6.4 | Medium | 2026-03-21 |
| CVE-2026-1278 | Mandatory Field <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Fields — Mandatory Field | 4.4 | Medium | 2026-03-21 |
| CVE-2026-2837 | Ricerca – advanced search <= 1.1.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings — Ricerca – advanced search | 4.4 | Medium | 2026-03-21 |
| CVE-2026-2121 | Weaver Show Posts <= 1.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting — Weaver Show Posts | 4.4 | Medium | 2026-03-21 |
| CVE-2026-1397 | PQ Addons – Creative Elementor Widgets <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Attributes — PQ Addons – Creative Elementor Widgets | 6.4 | Medium | 2026-03-21 |
| CVE-2026-3997 | Text Toggle <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute — Text Toggle | 6.4 | Medium | 2026-03-21 |
| CVE-2026-3354 | Wikilookup <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Popup Width' Setting — Wikilookup | 4.4 | Medium | 2026-03-21 |
| CVE-2026-4161 | Review Map by RevuKangaroo <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings — Review Map by RevuKangaroo | 4.4 | Medium | 2026-03-21 |
| CVE-2026-3554 | Sherk Custom Post Type Displays <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute — Sherk Custom Post Type Displays | 6.4 | Medium | 2026-03-21 |
| CVE-2026-3353 | Comment SPAM Wiper <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting — Comment SPAM Wiper | 4.4 | Medium | 2026-03-21 |
| CVE-2026-1911 | Twitter Feeds <= 1.0.0 - Authenticated (Contributor+) Cross-Site Scripting via 'tweet_title' Shortcode Attribute — Twitter Feeds | 6.4 | Medium | 2026-03-21 |
| CVE-2026-0609 | Logo Slider <= 4.9.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'logo-slider' Shortcode — Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin | 6.4 | Medium | 2026-03-21 |
| CVE-2026-1575 | Schema Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Schema Shortcode | 6.4 | Medium | 2026-03-21 |
| CVE-2026-1275 | Multi Post Carousel by Category <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'slides' Shortcode Attribute — Multi Post Carousel by Category | 6.4 | Medium | 2026-03-21 |
| CVE-2026-3617 | Paypal Shortcodes <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' and 'name' Shortcode Attributes — Paypal Shortcodes | 6.4 | Medium | 2026-03-21 |
| CVE-2026-1908 | Integration with Hubspot Forms <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Integration with Hubspot Forms | 6.4 | Medium | 2026-03-21 |
| CVE-2026-3347 | Multi Functional Flexi Lightbox <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter — Multi Functional Flexi Lightbox | 5.5 | Medium | 2026-03-21 |
| CVE-2026-1647 | Comment Genius <= 1.2.5 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — Comment Genius | 6.1 | Medium | 2026-03-21 |
| CVE-2026-2427 | itsukaita <= 0.1.2 - Reflected Cross-Site Scripting via 'day_from' Parameter — itsukaita | 6.1 | Medium | 2026-03-21 |
| CVE-2026-4072 | WordPress PayPal Donation <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' Shortcode Attribute — WordPress PayPal Donation | 6.4 | Medium | 2026-03-21 |
| CVE-2026-3333 | MinhNhut Link Gateway <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — MinhNhut Link Gateway | 6.4 | Medium | 2026-03-21 |
| CVE-2026-3619 | Sheets2Table <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titles' Shortcode Attribute — Sheets2Table | 6.4 | Medium | 2026-03-21 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21499 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.