
CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21499

21499 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32455 | WordPress MDTF plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability — MDTF | 6.1 | - | 2026-03-13 |
| CVE-2026-32450 | WordPress Active Products Tables for WooCommerce plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability — Active Products Tables for WooCommerce | 6.1 | - | 2026-03-13 |
| CVE-2026-32449 | WordPress Themify Event Post plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability — Themify Event Post | 5.4 | - | 2026-03-13 |
| CVE-2026-32448 | WordPress Podlove Podcast Publisher plugin <= 4.3.3 - Cross Site Scripting (XSS) vulnerability — Podlove Podcast Publisher | 5.4 | - | 2026-03-13 |
| CVE-2026-32430 | WordPress PowerPack Addons for Elementor plugin <= 2.9.9 - Cross Site Scripting (XSS) vulnerability — PowerPack Addons for Elementor | 5.4 | - | 2026-03-13 |
| CVE-2026-32431 | WordPress Astra Bulk Edit plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability — Astra Bulk Edit | 6.1 | - | 2026-03-13 |
| CVE-2026-32429 | WordPress Magical Addons For Elementor plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability — Magical Addons For Elementor | 5.4 | - | 2026-03-13 |
| CVE-2026-32424 | WordPress Sprout Clients plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability — Sprout Clients | 5.4 | - | 2026-03-13 |
| CVE-2026-32419 | WordPress List category posts plugin <= 0.93.1 - Cross Site Scripting (XSS) vulnerability — List category posts | 6.1 | - | 2026-03-13 |
| CVE-2026-32411 | WordPress Embed Calendly plugin <= 4.4 - Cross Site Scripting (XSS) vulnerability — Embed Calendly | 5.4 | - | 2026-03-13 |
| CVE-2026-32403 | WordPress Toocheke Companion plugin <= 1.194 - Cross Site Scripting (XSS) vulnerability — Toocheke Companion | 6.1 | - | 2026-03-13 |
| CVE-2026-32361 | WordPress Editorial Calendar plugin <= 3.9.0 - Cross Site Scripting (XSS) vulnerability — Editorial Calendar | 6.1 | - | 2026-03-13 |
| CVE-2026-32360 | WordPress Rich Showcase for Google Reviews plugin <= 6.9.4.3 - Cross Site Scripting (XSS) vulnerability — Rich Showcase for Google Reviews | 5.4 | - | 2026-03-13 |
| CVE-2026-32359 | WordPress Icon List Block plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability — Icon List Block | 5.4 | - | 2026-03-13 |
| CVE-2026-32356 | WordPress Robo Gallery plugin <= 5.1.2 - Cross Site Scripting (XSS) vulnerability — Robo Gallery | 6.1 | - | 2026-03-13 |
| CVE-2026-32351 | WordPress PowerPress Podcasting plugin <= 11.15.13 - Cross Site Scripting (XSS) vulnerability — PowerPress Podcasting | 5.4 | - | 2026-03-13 |
| CVE-2026-32352 | WordPress Elementor Website Builder plugin <= 3.35.5 - Cross Site Scripting (XSS) vulnerability — Elementor Website Builder | 6.1 | - | 2026-03-13 |
| CVE-2026-31918 | WordPress immonex Kickstart plugin <= 1.13.0 - Cross Site Scripting (XSS) vulnerability — immonex Kickstart | 5.4 | - | 2026-03-13 |
| CVE-2026-3986 | Calculated Fields Form <= 5.4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Settings — Calculated Fields Form | 6.4 | Medium | 2026-03-13 |
| CVE-2026-22210 | wpDiscuz before 7.6.47 - Cross-Site Scripting via Unescaped Attachment URLs — wpDiscuz | 4.4 | Medium | 2026-03-13 |
| CVE-2026-22209 | wpDiscuz before 7.6.47 - Cross-Site Scripting via Unescaped Custom CSS in Style Tag — wpDiscuz | 5.5 | Medium | 2026-03-13 |
| CVE-2026-22183 | wpDiscuz before 7.6.47 - Stored Cross-Site Scripting in Inline Comment Preview — wpDiscuz | 6.1 | Medium | 2026-03-13 |
| CVE-2026-32612 | Statamic: privilege escalation via stored cross-site scripting — cms | 5.4 | Medium | 2026-03-12 |
| CVE-2026-32308 | OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose") — oneuptime | 7.6 | High | 2026-03-12 |
| CVE-2026-32139 | Dataease: Unfiltered active SVG content leads to Stored XSS — dataease | 5.4 (AI) | Medium (AI) | 2026-03-12 |
| CVE-2026-31873 | Unhead has a Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity — unhead | - | - | 2026-03-12 |
| CVE-2026-31860 | Unhead has a XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check — unhead | 7.2 (AI) | High (AI) | 2026-03-12 |
| CVE-2026-25529 | Postal has HTML injection / XSS in message view — postal | 8.1 | High | 2026-03-12 |
| CVE-2026-2514 | Possibility of unintended actions when viewing maliciously crafted network data in Progress Flowmon ADS web application — Flowmon ADS | 6.1 (AI) | Medium (AI) | 2026-03-12 |
| CVE-2026-2513 | Possibility of unintended actions when an administrator clicks a malicious link in the Progress Flowmon ADS web application — Flowmon ADS | 8.4 (AI) | High (AI) | 2026-03-12 |

21499 CVEs are classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.