CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21500

21500 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-27236	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager	5.4	Medium	2026-03-11
CVE-2026-27240	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager	5.4	Medium	2026-03-11
CVE-2026-27239	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager	5.4	Medium	2026-03-11
CVE-2026-27234	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager	5.4	Medium	2026-03-11
CVE-2026-27231	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager	5.4	Medium	2026-03-11
CVE-2026-27230	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager	5.4	Medium	2026-03-11
CVE-2026-27229	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager	5.4	Medium	2026-03-11
CVE-2026-27266	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager	5.4	Medium	2026-03-11
CVE-2026-27254	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager	5.4	Medium	2026-03-11
CVE-2026-27228	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager	5.4	Medium	2026-03-11
CVE-2026-27248	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager	5.4	Medium	2026-03-11
CVE-2026-27257	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager	5.4	Medium	2026-03-11
CVE-2026-27226	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager	5.4	Medium	2026-03-11
CVE-2026-27253	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager	5.4	Medium	2026-03-11
CVE-2026-27224	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager	5.4	Medium	2026-03-11
CVE-2026-27250	Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager	5.4	Medium	2026-03-11
CVE-2026-2569	Dear Flipbook <= 2.4.20 - Authenticated (Auhtor+) Stored Cross-Site Scripting via PDF Page Labels — Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer	6.4	Medium	2026-03-10
CVE-2026-31833	Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering — Umbraco-CMS	6.7	Medium	2026-03-10
CVE-2026-31823	Sylius has Authenticated Stored XSS — Sylius	4.8	Medium	2026-03-10
CVE-2026-31822	Sylius has a XSS vulnerability in checkout login form — Sylius	6.1^AI	Medium^AI	2026-03-10
CVE-2026-31809	SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS — siyuan	5.4^AI	Medium^AI	2026-03-10
CVE-2026-31807	SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS — siyuan	6.1^AI	Medium^AI	2026-03-10
CVE-2026-30948	Parse Server has stored cross-site scripting (XSS) via SVG file upload — parse-server	5.4^AI	Medium^AI	2026-03-10
CVE-2026-29177	Craft Commerce has Stored XSS in Craft Commerce Order Details Slideout — commerce	5.4^AI	Medium^AI	2026-03-10
CVE-2026-29176	Craft Commerce has Stored XSS in Inventory Location Name — commerce	4.8^AI	Medium^AI	2026-03-10
CVE-2025-36226	Multiple vulnerabilities in IBM Aspera Faspex — Aspera Faspex 5	5.4	Medium	2026-03-10
CVE-2026-29175	Multiple Stored XSS in Commerce Inventory Page Leading to Session Hijacking — commerce	6.1^AI	Medium^AI	2026-03-10
CVE-2026-29173	Craft Commerce has Stored XSS while updating Order Status from Orders Table — commerce	5.4^AI	Medium^AI	2026-03-10
CVE-2026-2266	Improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting via task list content and enabled arbitrary HTML injection — Enterprise Server	5.4^AI	Medium^AI	2026-03-10
CVE-2026-30977	RenderBlocking has Stored XSS in renderblocking-css with Inline Assets mode — RenderBlocking	4.8^AI	Medium^AI	2026-03-10

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21500 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21500