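CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21500

21500 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.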

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2355 | My Calendar – Accessible Event Manager <= 3.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — My Calendar – Accessible Event Manager | 6.4 | Medium | 2026-03-04 |
| CVE-2026-1706 | All-in-One Video Gallery <= 4.7.1 - Reflected Cross-Site Scripting via 'vi' Parameter — All-in-One Video Gallery | 6.1 | Medium | 2026-03-04 |
| CVE-2026-1236 | Envira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API — Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More | 6.4 | Medium | 2026-03-04 |
| CVE-2026-28772 | Reflected XSS in IDC_Logging Index endpoint — SFX Series SuperFlex SatelliteReceiver Web Management Interface | 6.1 (AI) | Medium (AI) | 2026-03-04 |
| CVE-2026-28771 | Reflected XSS In /index.cgi Endpoint On IDC Satellite Receiver Web Management Interface Version 101 — SFX Series SuperFlex Satellite Receiver Web Management Interface | 6.1 (AI) | Medium (AI) | 2026-03-04 |
| CVE-2026-3240 | Concrete CMS below 9.4.8 is vulnerable to Stored XSS via Legacy form — Concrete CMS | 5.4 | - | 2026-03-04 |
| CVE-2026-3241 | Concrete CMS below version 9.4.8 is vulnerable to a stored cross-site scripting (XSS) in the "Legacy Form" block. — Concrete CMS | 4.8 | - | 2026-03-04 |
| CVE-2026-3242 | Concrete CMS below 9.4.8 is vulnerable to Stored XSS in the Switch Language block — Concrete CMS | 4.8 | - | 2026-03-04 |
| CVE-2026-3244 | Concrete CMS below version 9.4.8 is vulnerable to Stored XSS in Search Results via Page Names — Concrete CMS | 4.8 | - | 2026-03-04 |
| CVE-2026-2292 | Morkva UA Shipping <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Weight, kg' Field — Morkva UA Shipping | 4.4 | Medium | 2026-03-04 |
| CVE-2026-2289 | Taskbuilder <= 5.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Block Emails' Field — Taskbuilder – Project Management & Task Management Tool With Kanban Board | 4.4 | Medium | 2026-03-04 |
| CVE-2026-1945 | WPBookit <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via 'wpb_user_name' and 'wpb_user_email' Parameters — WPBookit | 7.2 | High | 2026-03-04 |
| CVE-2026-26272 | HomeBox affected by Stored XSS via HTML/SVG Attachment Upload — homebox | 4.6 | Medium | 2026-03-03 |
| CVE-2026-26266 | AliasVault affected by Cross-Site Scripting (XSS) via Email HTML Rendering — aliasvault | 9.3 | Critical | 2026-03-03 |
| CVE-2026-25590 | GLPI Inventory Plugin has Reflected XSS in task jobs — glpi-inventory-plugin | 4.5 | Medium | 2026-03-03 |
| CVE-2026-24415 | OpenSTAManager affected by reflected XSS in modifica_iva.php via righe parameter — openstamanager | 6.1 (AI) | Medium (AI) | 2026-03-03 |
| CVE-2026-21866 | Dify - Stored XSS in chat — dify | 5.4 (AI) | Medium (AI) | 2026-03-03 |
| CVE-2026-0540 | DOMPurify XSS via Missing Rawtext Elements in SAFE_FOR_XML — DOMPurify | 6.1 | Medium | 2026-03-03 |
| CVE-2025-15599 | DOMPurify XSS via Textarea Rawtext Bypass in SAFE_FOR_XML — DOMPurify | 6.1 | Medium | 2026-03-03 |
| CVE-2026-3343 | WatchGuard Firebox Reflected Cross-Site-Scripting (XSS) Vulnerability in Fireware Web UI — Fireware OS | 6.1 (AI) | Medium (AI) | 2026-03-03 |
| CVE-2026-2568 | WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.5 - Unauthenticated Stored Cross-Site Scripting — WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | 7.2 | High | 2026-03-03 |
| CVE-2026-3455 | mailparser security vulnerability — mailparser | 6.1 | Medium | 2026-03-03 |
| CVE-2026-2583 | Blocksy <= 2.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields — Blocksy | 6.4 | Medium | 2026-03-02 |
| CVE-2026-28401 | NocoDB: Stored Cross-Site Scripting via Rich Text Cells — nocodb | 5.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28398 | NocoDB: Stored Cross-Site Scripting via Comments and Rich Text Cells — nocodb | 5.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28397 | NocoDB: Stored Cross-Site Scripting via Comments — nocodb | 5.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28359 | NocoDB: Stored Cross-Site Scripting via Rich Text Field — nocodb | 5.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28357 | NocoDB: Stored Cross-Site Scripting via Formula Cell — nocodb | 5.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2025-52563 | Chamilo: Reflected XSS via page parameter — chamilo-lms | 6.1 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2025-52475 | Chamilo: Reflected XSS via keyword_inactive parameter — chamilo-lms | 6.1 (AI) | Medium (AI) | 2026-03-02 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21500 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.