CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21500

21500 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-28042	WordPress Listify plugin <= 3.2.5 - Reflected Cross Site Scripting (XSS) vulnerability — Listify	6.1	-	2026-03-05
CVE-2026-28037	WordPress EventON plugin <= 4.9.12 - Reflected Cross Site Scripting (XSS) vulnerability — EventON	6.1	-	2026-03-05
CVE-2026-27385	WordPress DesignThemes Portfolio plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability — DesignThemes Portfolio	6.1	-	2026-03-05
CVE-2026-27382	WordPress Metro theme <= 2.13 - Reflected Cross Site Scripting (XSS) vulnerability — Metro	6.1	-	2026-03-05
CVE-2026-27376	WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme <= 2.2.7 - Reflected Cross Site Scripting (XSS) vulnerability — Claue - Clean, Minimal Elementor WooCommerce Theme	6.1	-	2026-03-05
CVE-2026-27375	WordPress Gecko theme <= 1.9.8 - Reflected Cross Site Scripting (XSS) vulnerability — Gecko	6.1	-	2026-03-05
CVE-2026-27363	WordPress WP Bakery Autoresponder Addon plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability — WP Bakery Autoresponder Addon	6.1	-	2026-03-05
CVE-2026-27367	WordPress Musico theme < 3.4.5 - Cross Site Scripting (XSS) vulnerability — Musico	7.1	High	2026-03-05
CVE-2026-27352	WordPress Starto theme < 2.2.5 - Cross Site Scripting (XSS) vulnerability — Starto	7.1	High	2026-03-05
CVE-2026-27353	WordPress Grand News \| Magazine Newspaper WordPress theme <= 3.4.3 - Reflected Cross Site Scripting (XSS) vulnerability — Grand News	6.1	-	2026-03-05
CVE-2026-27359	WordPress Awa Plugins plugin <= 1.4.4 - Reflected Cross Site Scripting (XSS) vulnerability — Awa Plugins	6.1	-	2026-03-05
CVE-2026-27358	WordPress Architecturer theme < 3.9.5 - Cross Site Scripting (XSS) vulnerability — Architecturer	7.1	High	2026-03-05
CVE-2026-27354	WordPress WooCommerce Coming Soon Product with Countdown plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability — WooCommerce Coming Soon Product with Countdown	6.1	-	2026-03-05
CVE-2026-27348	WordPress Photography theme < 7.7.6 - Cross Site Scripting (XSS) vulnerability — Photography	7.1	High	2026-03-05
CVE-2026-27332	WordPress Agrofood theme < 1.4.0 - Cross Site Scripting (XSS) vulnerability — Agrofood	6.1	-	2026-03-05
CVE-2026-22465	WordPress BuddyApp theme <= 1.9.2 - Reflected Cross Site Scripting (XSS) vulnerability — BuddyApp	6.1	-	2026-03-05
CVE-2026-22467	WordPress DeepDigital theme <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability — DeepDigital	6.1	-	2026-03-05
CVE-2026-22455	WordPress Thebe theme <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability — Thebe	6.1	-	2026-03-05
CVE-2026-22438	WordPress TheBi theme <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability — TheBi	6.1	-	2026-03-05
CVE-2026-22440	WordPress Thecs theme <= 1.4.7 - Reflected Cross Site Scripting (XSS) vulnerability — Thecs	6.1	-	2026-03-05
CVE-2025-69343	WordPress Theater for WordPress plugin <= 0.19 - Cross Site Scripting (XSS) vulnerability — Theater for WordPress	5.4	-	2026-03-05
CVE-2026-29052	HumHub Calendar Module: Stored XSS in Event Types — calendar	5.4	-	2026-03-05
CVE-2026-3034	OoohBoi Steroids for Elementor <= 2.1.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple URL Controls — OoohBoi Steroids for Elementor	6.4	Medium	2026-03-05
CVE-2026-2365	Fluent Forms Pro <= 6.1.17 - Unauthenticated Stored Cross-Site Scripting via Draft Form Submission — Fluent Forms Pro Add On Pack	7.2	High	2026-03-05
CVE-2025-66024	XWiki Blog Application home page vulnerable to Stored XSS via Post Title — application-blog-ui	5.4^AI	Medium^AI	2026-03-04
CVE-2026-20102	Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software SAML Reflected Cross-Site Scripting Vulnerability — Cisco Secure Firewall Adaptive Security Appliance (ASA) Software	6.1	Medium	2026-03-04
CVE-2026-20149	Cisco Webex 跨站脚本漏洞 — Cisco Webex Meetings	6.1	Medium	2026-03-04
CVE-2019-25502	Simple Job Script Cross-Site Scripting via job_type_value Parameter — Simple Job Script	6.1	Medium	2026-03-04
CVE-2025-40895	HTML injection in Sensor Map in CMC before 25.6.0 — CMC	4.8	Medium	2026-03-04
CVE-2025-40894	HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0 — Guardian	4.4	Medium	2026-03-04

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21500 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21500