
CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21499

21499 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-32040 | OpenClaw < 2026.2.23 - HTML Injection via Unvalidated Image MIME Type in Data-URL Interpolation — OpenClaw | 4.6 | Medium | 2026-03-19 |
| CVE-2026-32754 | FreeScout: Stored XSS via Unescaped Email Template Rendering ({!! $thread->body !!}) — freescout | 9.3 | Critical | 2026-03-19 |
| CVE-2026-32751 | SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface — siyuan | 5.4 | - | 2026-03-19 |
| CVE-2026-27740 | Discourse has Stored XSS in AI Triage Automation — discourse | 5.4 | - | 2026-03-19 |
| CVE-2026-27570 | Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox — discourse | 5.4 | - | 2026-03-19 |
| CVE-2026-33346 | OpenEMR has stored XSS in portal_payment.php via Unescaped table_args — openemr | 8.7 | High | 2026-03-19 |
| CVE-2026-33303 | OpenEMR Vulnerable to Stored XSS via Unescaped portal_login_username in Credential Print View — openemr | 5.4 | Medium | 2026-03-19 |
| CVE-2026-33299 | OpenEMR has Stored XSS in patient encounter Eye Exam form answers — openemr | 5.4 | - | 2026-03-19 |
| CVE-2026-32119 | OpenEMR has Stored DOM XSS via SearchHighlight text-node reconstruction on Custom Report page — openemr | 4.4 | Medium | 2026-03-19 |
| CVE-2026-32869 | OPEXUS eComplaint and eCASE XSS via Name of Organization field — eComplaint | 5.5 | Medium | 2026-03-19 |
| CVE-2026-32868 | OPEXUS eComplaint and eCASE XSS via my information — eComplaint | 5.5 | Medium | 2026-03-19 |
| CVE-2026-32866 | OPEXUS eComplaint and eCase stored XSS via profile first and last name — eCASE | 5.5 | Medium | 2026-03-19 |
| CVE-2026-32843 | Linkit ONE Location Aware Sensor System (LASS) Reflected XSS via PM25.php — Location Aware Sensor System (LASS) | 6.1 | - | 2026-03-19 |
| CVE-2026-21788 | HCL Connections is vulnerable to cross-site scripting (XSS) — Connections | 5.4 | Medium | 2026-03-19 |
| CVE-2026-27070 | WordPress Everest Forms Pro plugin <= 1.9.12 - Cross Site Scripting (XSS) vulnerability — Everest Forms Pro | 7.1 | High | 2026-03-19 |
| CVE-2026-27068 | WordPress Website LLMs.txt plugin <= 8.2.6 - Reflected Cross Site Scripting (XSS) vulnerability — Website LLMs.txt | 7.1 | High | 2026-03-19 |
| CVE-2026-25442 | WordPress Kentha theme <= 4.7.2 - Reflected Cross Site Scripting (XSS) vulnerability — Kentha | 7.1 | High | 2026-03-19 |
| CVE-2026-25438 | WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability — Gutenberg Blocks | 7.1 | High | 2026-03-19 |
| CVE-2025-68836 | WordPress Table of Contents Creator plugin <= 1.6.4.1 - Reflected Cross Site Scripting (XSS) vulnerability — Table of Contents Creator | 7.1 | High | 2026-03-19 |
| CVE-2025-67618 | WordPress Brookside theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability — Brookside | 7.1 | High | 2026-03-19 |
| CVE-2025-62043 | WordPress WPCasa plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability — WPCasa | 6.5 | Medium | 2026-03-19 |
| CVE-2025-53222 | WordPress tagDiv Opt-In Builder plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability — tagDiv Opt-In Builder | 7.1 | High | 2026-03-19 |
| CVE-2025-50001 | WordPress tagDiv Composer plugin <= 5.4.2 - Reflected Cross Site Scripting (XSS) vulnerability — tagDiv Composer | 6.1 | - | 2026-03-19 |
| CVE-2024-42210 | HCL Unica Marketing Operations v12.1.8 and lower is affected by a Stored cross-site scripting (XSS) vulnerability — Unica Marketing Operations (Plan) | 7.6 | High | 2026-03-19 |
| CVE-2026-4006 | Draft List <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'display_name' Parameter — Draft List | 6.4 | Medium | 2026-03-19 |
| CVE-2026-4120 | Info Cards <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes — Info Cards – Add Text and Media in Card Layouts | 6.4 | Medium | 2026-03-19 |
| CVE-2026-28044 | WordPress WP Rocket plugin <= 3.19.4 - Cross Site Scripting (XSS) vulnerability — WP Rocket | 5.9 | Medium | 2026-03-19 |
| CVE-2026-28073 | WordPress WP eMember theme <= v10.2.2 - Reflected Cross Site Scripting (XSS) vulnerability — WP eMember | 7.1 | High | 2026-03-19 |
| CVE-2026-1238 | SlimStat Analytics <= 5.3.5 - Unauthenticated Stored Cross-Site Scripting via 'fh' — SlimStat Analytics | 7.2 | High | 2026-03-19 |
| CVE-2025-15051 | IBM QRadar SIEM Cross-Site Scripting — QRadar SIEM | 5.4 | Medium | 2026-03-19 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21499 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.