CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21501

21501 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-28280 | `osctrl-admin` has Stored Cross-Site Scripting (XSS) in On-Demand Query List — osctrl | 6.1 | Medium | 2026-02-26 |
| CVE-2026-28274 | Initiative Vulnerable to Token Theft via Stored XSS in Document Uploads — initiative | 8.7 | High | 2026-02-26 |
| CVE-2026-27154 | Discourse has XSS when editing a malicious post — discourse | 5.4 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-2680 | Multiple vulnerabilities in A3factura software — A3factura | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-2679 | Multiple vulnerabilities in A3factura software — A3factura | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-2678 | Multiple vulnerabilities in A3factura software — A3factura | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-2677 | Multiple vulnerabilities in A3factura software — A3factura | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2025-14343 | Reflected XSS in Dokuzsoft Technology's E-Commerce Product — E-Commerce Product | 7.6 | High | 2026-02-26 |
| CVE-2025-64999 | Cross-site scripting in HTML logs of Synthetic Monitoring test services — Checkmk | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-28083 | WordPress Flatsome theme <= 3.20.5 - Cross Site Scripting (XSS) vulnerability — Flatsome | 6.5 | Medium | 2026-02-26 |
| CVE-2026-1696 | Missing security HTTP headers — PcVue | 6.5 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-1695 | XSS vulnerability upon unsuccessful authentication — PcVue | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27974 | Audiobookshelf Vulnerable to Stored XSS in WrappingMarquee.js via Audiobook Metadata (Mobile App Audio Player) — audiobookshelf-app | 4.8 | Medium | 2026-02-26 |
| CVE-2026-27963 | Audiobookshelf has Stored XSS in Tooltip.vue via Audiobook Metadata — audiobookshelf | 4.8 | Medium | 2026-02-26 |
| CVE-2026-27973 | Audiobookshelf has Stored XSS in ItemSearchCard.vue via Audiobook Metadata (Search Results on Mobile App) — audiobookshelf | 4.0 | Medium | 2026-02-26 |
| CVE-2026-27970 | Angular i18n vulnerable to Cross-Site Scripting (XSS) — angular | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27948 | Copyparty vulnerable to reflected cross-site scripting via setck parameter — copyparty | 5.4 | Medium | 2026-02-26 |
| CVE-2026-2499 | Custom Logo <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Logo Path Setting — Custom Logo | 4.4 | Medium | 2026-02-26 |
| CVE-2026-2498 | WP Social Meta <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings — WP Social Meta | 4.4 | Medium | 2026-02-26 |
| CVE-2026-2489 | TP2WP Importer <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Watched domains' Textarea — TP2WP Importer | 4.4 | Medium | 2026-02-26 |
| CVE-2026-2029 | Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' and 'value' Shortcode Attributes — Livemesh Addons for Beaver Builder | 6.4 | Medium | 2026-02-26 |
| CVE-2026-2506 | EM Cost Calculator <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting via 'customer_name' — EM Cost Calculator | 6.1 | Medium | 2026-02-26 |
| CVE-2026-27902 | Svelte Vulnerable to XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers — svelte | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27901 | Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent` — svelte | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27616 | Vikunja Vulnerable to Stored Cross-Site Scripting (XSS) via Unsanitized SVG Attachment Upload Leading to Token Exposure — vikunja | 7.3 | High | 2026-02-25 |
| CVE-2026-27116 | Vikunja has Reflected HTML Injection via filter Parameter in Projects Module — vikunja | 6.1 | Medium | 2026-02-25 |
| CVE-2026-0752 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | 8.0 | High | 2026-02-25 |
| CVE-2026-25736 | Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute — rucio | 6.1 | Medium | 2026-02-25 |
| CVE-2026-25735 | Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability in its Identity Name — rucio | 6.1 | Medium | 2026-02-25 |
| CVE-2026-25734 | Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata — rucio | 6.1 | Medium | 2026-02-25 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) account for 21501 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.