CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class

21499 vulnerabilities are classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). An AI-generated Chinese-language analysis is included with each entry.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-33411 | Discourse's solved topic stream has potential stored XSS in topic title | discourse | 5.4 | Medium | 2026-03-20 |
| CVE-2026-33230 | nltk Vulnerable to Cross-site Scripting | nltk | 6.1 | Medium | 2026-03-20 |
| CVE-2026-33209 | Avo has a XSS vulnerability on `return_to` param | avo | 6.1 | - | 2026-03-20 |
| CVE-2026-33172 | Statamic has Stored XSS via SVG Sanitization Bypass | cms | 8.7 | High | 2026-03-20 |
| CVE-2026-33140 | PySpector: Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution | PySpector | 5.4 | - | 2026-03-20 |
| CVE-2026-4495 | atjiu pybbs CommentApiController.java create cross site scripting | pybbs | 3.5 | Low | 2026-03-20 |
| CVE-2026-4494 | atjiu pybbs TopicApiController.java create cross site scripting | pybbs | 3.5 | Low | 2026-03-20 |
| CVE-2026-32844 | XinLiangCoder / php_api_doc Reflected XSS via list_method.php | php_api_doc | 6.1 | Medium | 2026-03-20 |
| CVE-2026-22895 | QuFTP Service | QuFTP Service | 4.8 | - | 2026-03-20 |
| CVE-2026-32986 | Textpattern CMS 4.9.0: Second-Order XSS via Atom Feed Injection | Textpattern CMS | 6.1 | Medium | 2026-03-20 |
| CVE-2026-31382 | Gainsight Assist reflected XSS/HTML injection | Gainsight Assist | 6.1 | Medium | 2026-03-20 |
| CVE-2026-33136 | WeGIA has Reflected Cross-Site Scripting (XSS) in `listar_memorandos_ativos.php` via `sccd` parameter | WeGIA | 9.3 | Critical | 2026-03-20 |
| CVE-2026-33135 | WeGIA has Reflected Cross-Site Scripting (XSS) in `novo_memorandoo.php` via `sccs` parameter | WeGIA | 9.3 | Critical | 2026-03-20 |
| CVE-2024-31119 | WordPress Download Special Box for Content plugin <= 1 - Cross Site Scripting (XSS) vulnerability | Special Box for Content | 5.9 | Medium | 2026-03-20 |
| CVE-2026-33080 | Filament: Unvalidated Range and Values summarizer values can be used for XSS | filament | 7.3 | High | 2026-03-20 |
| CVE-2026-2432 | CM Custom Reports <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Labels | CM Custom Reports – Flexible reporting to track what matters most | 4.4 | Medium | 2026-03-20 |
| CVE-2026-33067 | SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata | siyuan | 7.6 | - | 2026-03-20 |
| CVE-2026-33066 | SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering | siyuan | 5.4 | - | 2026-03-20 |
| CVE-2026-33061 | Jexactyl has Stored DOM Cross-Site Scripting (XSS) via unescaped JSON in Blade template | Jexactyl | 5.8 | Medium | 2026-03-20 |
| CVE-2026-4474 | itsourcecode University Management System admin_single_student_update.php cross site scripting | University Management System | 2.4 | Low | 2026-03-20 |
| CVE-2026-33051 | Craft CMS Vulnerable to Stored XSS in Revision Context Menu | cms | 5.4 | - | 2026-03-20 |
| CVE-2026-33035 | Unauthenticated Reflected XSS via innerHTML in AVideo | AVideo | 6.1 | - | 2026-03-20 |
| CVE-2026-32940 | SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183) | siyuan | 9.3 | Critical | 2026-03-20 |
| CVE-2026-32890 | Anchorr: Stored XSS in User Mapping dropdown allows unprivileged Discord users to exfiltrate all secrets via /api/config | Anchorr | 9.7 | Critical | 2026-03-20 |
| CVE-2026-32880 | ChurchCRM is vulnerable to Stored XSS through JSON handling in SystemSettings.php | CRM | 6.4 | Medium | 2026-03-20 |
| CVE-2026-32757 | Admidio: HTMLPurifier Bypass in eCard Message Allows HTML Email Injection | admidio | 5.4 | Medium | 2026-03-19 |
| CVE-2026-29106 | SuiteCRM has blind XSS in return_id parameter | SuiteCRM | 5.9 | Medium | 2026-03-19 |
| CVE-2026-29100 | SuiteCRM has Reflected HTML Injection in Login Page via default_user_name Parameter | SuiteCRM | 7.1 | High | 2026-03-19 |
| CVE-2026-32721 | LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal | luci | 8.6 | High | 2026-03-19 |
| CVE-2026-33395 | Discourse has stored click-based XSS via Graphviz SVG javascript: links | discourse | 4.4 | Medium | 2026-03-19 |

A dash in the Severity column means no qualitative rating is recorded for that entry; the CVSS score is still listed.

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) account for 21499 CVEs. The CWE entry describes only the weakness class, not the impact: in the list above alone, scores range from 2.4 (Low) to 9.7 (Critical), and several stored XSS entries chain to remote code execution or secret exfiltration. Review each CVE's advisory and CVSS vector for its product-specific impact.
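The weakness behind every entry above is the same: untrusted data reaches an HTML, script or URL context without the encoding that context requires. The following is an added example, not code from this site or from any project in the list, showing the three output contexts the titles above mention most often (HTML body text, JSON embedded in an inline script block, and href attributes) with a vulnerable rendering beside its neutralized form. All function names and sample inputs are constructed for the illustration.

```javascript
// Added illustration of CWE-79 output contexts. Not code from any project listed
// on this page; all function names and sample inputs are constructed for the example.

// Vulnerable pattern: untrusted text concatenated straight into HTML.
function renderTitleVulnerable(title) {
  return `<h1>${title}</h1>`;
}

// HTML text and quoted-attribute context: neutralize the five significant characters.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderTitleEscaped(title) {
  return `<h1>${escapeHtml(title)}</h1>`;
}

// Script context: JSON embedded in an inline <script>. JSON.stringify alone is not
// enough, because the HTML parser ends the script block at the first "</script>"
// regardless of JavaScript string boundaries. Escaping < and > as \u003c / \u003e
// keeps the JSON valid and removes the breakout; U+2028/U+2029 are escaped because
// pre-ES2019 engines treat them as line terminators inside string literals.
function jsonForScript(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderConfigScript(config) {
  return `<script>window.__CONFIG__ = ${jsonForScript(config)};</script>`;
}

// URL attribute context: HTML escaping does nothing against "javascript:" in an href.
// Allow-list the scheme. Control characters are stripped before the check because
// browsers ignore tab/newline inside a scheme, so "java\tscript:" would otherwise
// slip past a naive prefix comparison.
function safeHref(url) {
  const cleaned = String(url).replace(/[\u0000-\u0020]/g, '');
  const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  if (scheme && !['http', 'https', 'mailto'].includes(scheme[1].toLowerCase())) {
    return '#';
  }
  return escapeHtml(url);
}

function renderLink(url, text) {
  return `<a href="${safeHref(url)}">${escapeHtml(text)}</a>`;
}

// Constructed sample inputs modelled on the kinds of payloads the titles above name.
const payloadHtml = '<img src=x onerror=alert(1)>';
const payloadJson = { name: '</script><script>alert(1)</script>' };
const payloadHref = 'java\tscript:alert(1)';

console.log(renderTitleVulnerable(payloadHtml)); // script executes when rendered
console.log(renderTitleEscaped(payloadHtml));    // shown as literal text
console.log(renderConfigScript(payloadJson));    // no </script> breakout possible
console.log(renderLink(payloadHref, 'profile')); // href collapses to "#"
```

The point the three helpers make is that the encoder has to match the sink: `escapeHtml` is correct for text nodes and quoted attributes, useless inside a script block or as a URL scheme check, and a sanitizer that only looks at HTML tags (the SVG and HTMLPurifier bypass entries above) will not catch a `javascript:` link or a `data:` URL that the browser later interprets as markup.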