CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21500

21500 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2513 | Possibility of unintended actions when an administrator clicks a malicious link in the Progress Flowmon ADS web application — Flowmon ADS | 8.4 (AI) | High (AI) | 2026-03-12 |
| CVE-2026-2987 | Simple Ajax Chat <= 20260217 - Unauthenticated Stored Cross-Site Scripting via 'c' — Simple Ajax Chat – Add a Fast, Secure Chat Box | 6.1 | Medium | 2026-03-12 |
| CVE-2026-3993 | itsourcecode Payroll Management System manage_employee_deductions.php cross site scripting — Payroll Management System | 4.3 | Medium | 2026-03-12 |
| CVE-2026-3990 | CesiumGS CesiumJS standalone.html cross site scripting — CesiumJS | 4.3 | Medium | 2026-03-12 |
| CVE-2026-3984 | Campcodes Division Regional Athletic Meet Game Result Matrix System save_up_athlete.php cross site scripting — Division Regional Athletic Meet Game Result Matrix System | 3.5 | Low | 2026-03-12 |
| CVE-2026-3983 | Campcodes Division Regional Athletic Meet Game Result Matrix System save-games.php cross site scripting — Division Regional Athletic Meet Game Result Matrix System | 3.5 | Low | 2026-03-12 |
| CVE-2026-3982 | itsourcecode University Management System view_result.php cross site scripting — University Management System | 4.3 | Medium | 2026-03-12 |
| CVE-2026-3962 | Jcharis Machine-Learning-Web-Apps Jinja2 Template app.py render_template cross site scripting — Machine-Learning-Web-Apps | 4.3 | Medium | 2026-03-11 |
| CVE-2026-32117 | grafanacubism-panel : Stored XSS via javascript: URL in panel zoom link (Editor → Viewer) — grafanacubism-panel | 7.6 | High | 2026-03-11 |
| CVE-2026-32125 | OpenEMR: Stored XSS in Track Anything Graphs via Unescaped Dygraph Titles/Labels — openemr | 5.4 | Medium | 2026-03-11 |
| CVE-2026-32124 | OpenEMR: Dynamic Code Picker Renders Unescaped Descriptions (Stored XSS) — openemr | 5.4 | Medium | 2026-03-11 |
| CVE-2026-32121 | OpenEMR: Stored DOM XSS via `.html()` in Portal Signer Modal — openemr | 7.7 | High | 2026-03-11 |
| CVE-2026-32118 | OpenEMR has Stored XSS in Graphical Pain Map legend via unescaped annotation text — openemr | 5.4 | Medium | 2026-03-11 |
| CVE-2026-32112 | ha-mcp has XSS via Unescaped HTML in OAuth Consent Form — ha-mcp | 6.8 | Medium | 2026-03-11 |
| CVE-2026-32109 | Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html` — copyparty | 3.7 | Low | 2026-03-11 |
| CVE-2026-32095 | Plunk has Stored Cross-Site Scripting (XSS) via SVG File Upload — plunk | 5.4 | Medium | 2026-03-11 |
| CVE-2026-3951 | LockerProject Locker Error Response registry.js authIsAwesome cross site scripting — Locker | 4.3 | Medium | 2026-03-11 |
| CVE-2026-31879 | Frappe Workspace modification and stored XSS due to improper resource ownership checks — frappe | 5.4 (AI) | Medium (AI) | 2026-03-11 |
| CVE-2026-31876 | Notesnook has Stored XSS via unsanitized Twitter/X embed URL in editor (`tweetToEmbed`) — notesnook | 5.4 | Medium | 2026-03-11 |
| CVE-2026-31868 | Parse Server has Stored XSS via file upload of HTML-renderable file types — parse-server | 7.6 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-31859 | Craft has Reflective XSS via incomplete return URL sanitization — cms | 6.1 (AI) | Medium (AI) | 2026-03-11 |
| CVE-2026-20117 | Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities — Cisco Unified Contact Center Express | 6.1 | Medium | 2026-03-11 |
| CVE-2026-20116 | Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities — Cisco Unified Contact Center Express | 6.1 | Medium | 2026-03-11 |
| CVE-2026-20162 | Stored Cross-Site Scripting (XSS) through Path Traversal in Splunk Enterprise — Splunk Enterprise | 6.3 | Medium | 2026-03-11 |
| CVE-2026-30235 | Business Logic Error on OpenProject through hyperlinks in markdown using DOM clobbering — openproject | 6.5 | Medium | 2026-03-11 |
| CVE-2026-1090 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | 8.7 | High | 2026-03-11 |
| CVE-2026-3946 | PHPEMS index.php cross site scripting — PHPEMS | 3.5 | Low | 2026-03-11 |
| CVE-2026-3178 | Name Directory <= 1.32.1 - Unauthenticated Stored Cross-Site Scripting via 'name_directory_name' — Name Directory | 7.2 | High | 2026-03-11 |
| CVE-2026-3231 | Checkout Field Editor (Checkout Manager) for WooCommerce <= 2.1.7 - Unauthenticated Stored Cross-Site Scripting via Block Checkout Custom Radio Field — Checkout Field Editor (Checkout Manager) for WooCommerce | 7.2 | High | 2026-03-11 |
| CVE-2026-3492 | Gravity Forms <= 2.9.28.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Form Title — Gravity Forms | 6.4 | Medium | 2026-03-11 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21500 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.