CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21500

21500 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-30974	Copyparty volflag `nohtml` did not block javascript in svg files — copyparty	4.6	Medium	2026-03-10
CVE-2025-13902	Schneider Electric多款产品跨站脚本漏洞 — Modicon Controllers M241/M251	5.4^AI	Medium^AI	2026-03-10
CVE-2026-26144	Microsoft Excel Information Disclosure Vulnerability — Microsoft 365 Apps for Enterprise	7.5	High	2026-03-10
CVE-2026-26105	Microsoft SharePoint Server Spoofing Vulnerability — Microsoft SharePoint Enterprise Server 2016	8.1	High	2026-03-10
CVE-2026-25972	Fortinet FortiSIEM 跨站脚本漏洞 — FortiSIEM	4.1	Medium	2026-03-10
CVE-2025-53608	Fortinet FortiSandbox 跨站脚本漏洞 — FortiSandbox	4.6	Medium	2026-03-10
CVE-2026-30934	FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse) — filebrowser	8.9	High	2026-03-10
CVE-2026-3228	NextScripts: Social Networks Auto-Poster <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'nxs_fbembed' Shortcode — NextScripts: Social Networks Auto-Poster	6.4	Medium	2026-03-10
CVE-2026-2724	Unlimited Elements For Elementor <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting via Form Entry Fields — Unlimited Elements For Elementor	7.2	High	2026-03-10
CVE-2026-1261	MetForm Pro <= 3.9.6 - Unauthenticated Stored Cross-Site Scripting — MetForm Pro	7.2	High	2026-03-10
CVE-2025-36173	InfoSphere Data Architect (IDA) 9.2.1 Vulnerability Fixes. — InfoSphere Data Architect	6.1	Medium	2026-03-10
CVE-2026-0489	DOM-based Cross-Site Scripting (XSS) Vulnerability in SAP Business One (Job Service) — SAP Business One (Job Service)	6.1	Medium	2026-03-10
CVE-2026-30919	facileManager Affected by Stored Cross-Site Scripting (XSS) — facileManager	7.6	High	2026-03-09
CVE-2026-30918	facileManager Affected by Reflected Cross-Site Scripting (XSS) — facileManager	7.6	High	2026-03-09
CVE-2026-30917	Stored XSS on Bucket namespace pages — mediawiki-extensions-Bucket	5.4^AI	Medium^AI	2026-03-09
CVE-2026-30913	flarum/nickname: Display name injection in notification emails (autolink & markdown) — nicknames	4.6	Medium	2026-03-09
CVE-2026-30862	Critical Stored XSS & Privilege Escalation in Appsmith — appsmith	9.1	Critical	2026-03-09
CVE-2026-3819	SourceCodester Resort Reservation System Reservation Management page cross site scripting — Resort Reservation System	3.5	Low	2026-03-09
CVE-2025-40638	Reflected Cross-Site Scripting (XSS) in Eventobot — Eventobot	6.1^AI	Medium^AI	2026-03-09
CVE-2026-3812	itsourcecode Payroll Management System manage_employee_allowances.php cross site scripting — Payroll Management System	4.3	Medium	2026-03-09
CVE-2026-3766	SourceCodester Web-based Pharmacy Product Management System edit-profile.php cross site scripting — Web-based Pharmacy Product Management System	3.5	Low	2026-03-08
CVE-2026-3763	code-projects Simple Flight Ticket Booking System showhistory.php cross site scripting — Simple Flight Ticket Booking System	4.3	Medium	2026-03-08
CVE-2026-3743	YiFang CMS D_singlePageGroup.php update cross site scripting — CMS	3.5	Low	2026-03-08
CVE-2026-3742	YiFang CMS D_singlePage.php update cross site scripting — CMS	3.5	Low	2026-03-08
CVE-2026-3741	YiFang CMS D_friendLink.php update cross site scripting — CMS	3.5	Low	2026-03-08
CVE-2026-3721	1024-lab/lab1024 SmartAdmin Help Documentation HelpDocAddForm.java cross site scripting — SmartAdmin	3.5	Low	2026-03-08
CVE-2026-3720	1024-lab/lab1024 SmartAdmin Notice notice-form-drawer.vue cross site scripting — SmartAdmin	3.5	Low	2026-03-08
CVE-2026-3716	Wavlink WL-WN579X3-C adm.cgi sub_401AD4 cross site scripting — WL-WN579X3-C	2.4	Low	2026-03-08
CVE-2026-3702	SourceCodester Loan Management System index.php cross site scripting — Loan Management System	4.3	Medium	2026-03-08
CVE-2026-30838	league/commonmark: DisallowedRawHtml extension bypass via whitespace in HTML tag names — commonmark	5.4	-	2026-03-07

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21500 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21500