CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21501

21501 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-52475	Chamilo: Reflected XSS via keyword_inactive parameter — chamilo-lms	6.1^AI	Medium^AI	2026-03-02
CVE-2025-52476	Chamilo: Reflected XSS via keyword_active parameter — chamilo-lms	6.1^AI	Medium^AI	2026-03-02
CVE-2025-52470	Chamilo: Stored Cross-Site Scripting (XSS) via Session Category Name — chamilo-lms	4.8	Medium	2026-03-02
CVE-2025-52468	Chamilo: Stored XSS Vulnerability via CSV User Import — chamilo-lms	8.8	High	2026-03-02
CVE-2025-52482	Chamilo: Stored XSS in glossary function via /main/glossary/index.php trigger in /main/tracking/course_log_resources.php — chamilo-lms	8.3	High	2026-03-02
CVE-2025-50186	Chamilo: Stored XSS via Malicious CSV Filename in user_import.php — chamilo-lms	4.8	Medium	2026-03-02
CVE-2026-3412	itsourcecode University Management System att_single_view.php cross site scripting — University Management System	4.3	Medium	2026-03-02
CVE-2026-3403	PHPGurukul Student Record Management System edit-subject.php cross site scripting — Student Record Management System	2.4	Low	2026-03-02
CVE-2026-3402	PHPGurukul Student Record Management System edit-course.php cross site scripting — Student Record Management System	2.4	Low	2026-03-02
CVE-2026-28561	wpForo Forum 2.4.14 Stored XSS via Unescaped Forum Description in Templates — wpForo Forum	5.5	Medium	2026-02-28
CVE-2026-28560	wpForo Forum 2.4.14 Stored XSS via Unsafe JSON Encoding in Inline Script — wpForo Forum	5.5	Medium	2026-02-28
CVE-2026-28558	wpForo Forum 2.4.14 Stored XSS via SVG Avatar File Upload — wpForo Forum	6.4	Medium	2026-02-28
CVE-2026-3010	TimePictra Stored Cross-Site Scripting — TimePictra	6.1	-	2026-02-28
CVE-2026-28426	Statamic vulnerable to privilege escalation via stored cross-site scripting — cms	8.7	High	2026-02-27
CVE-2026-28355	"PWA" Canarytoken Vulnerable to Stored Self Cross-Site Scripting — canarytokens	6.1	-	2026-02-27
CVE-2026-28338	PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages — pmd	6.8	Medium	2026-02-27
CVE-2026-28272	Kiteworks Email Protection Gateway has a Cross-site Scripting vulnerability — security-advisories	8.1	High	2026-02-27
CVE-2026-26997	ClipBucket v5 has Stored XSS via Collection name — clipbucket-v5	5.4	-	2026-02-27
CVE-2026-27756	SODOLA SL902-SWTGW124AS <= 200.1.20 Reflected XSS in Management Interface — SODOLA SL902-SWTGW124AS	6.1	Medium	2026-02-27
CVE-2026-3327	Authenticated DatoCMS Web Previews Plugin Iframe Injection — Web Previews	3.5	-	2026-02-27
CVE-2025-11950	Reflected XSS in Knowhy's EduAsist — EduAsist	6.3	Medium	2026-02-27
CVE-2026-24351	Stored XSS in PluXml CMS — PluXml CMS	4.8	-	2026-02-27
CVE-2026-24350	Stored XSS in PluXml CMS — PluXml CMS	5.4	-	2026-02-27
CVE-2026-1434	Reflected XSS in Omega-PSIR — Omega-PSIR	6.1	-	2026-02-27
CVE-2025-14142	Electric Enquiries <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button' Shortcode Attribute — Electric Enquiries	6.4	Medium	2026-02-27
CVE-2026-2362	WP Accessibility <= 2.3.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via 'alt' Attribute — WP Accessibility	6.4	Medium	2026-02-27
CVE-2026-2383	Simple Download Monitor <= 4.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field — Simple Download Monitor	6.4	Medium	2026-02-27
CVE-2025-14149	Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Scroller Widget box link — Xpro Addons — 140+ Widgets for Elementor	6.4	Medium	2026-02-27
CVE-2025-14040	Automotive Car Dealership Business WordPress Theme <= 13.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action Fields — Automotive Car Dealership Business WordPress Theme	6.4	Medium	2026-02-27
CVE-2026-3302	SourceCodester Doctor Appointment System Sign Up register.php cross site scripting — Doctor Appointment System	4.3	Medium	2026-02-27

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21501 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21501