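CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21501

21501 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.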

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-22720 | VMware Aria Operations stored cross-site scripting vulnerability — VMware Aria Operations | 8.0 | High | 2026-02-25 |
| CVE-2026-25733 | Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function — rucio | 7.3 | High | 2026-02-25 |
| CVE-2026-25136 | Rucio WebUI has a Reflected Cross-site Scripting Vulnerability — rucio | 8.1 | High | 2026-02-25 |
| CVE-2026-25743 | OpenEMR has Stored XSS in Questionnaire answers — openemr | 5.4 (AI) | Medium (AI) | 2026-02-25 |
| CVE-2026-20091 | Cisco UCS Manager and FXOS Software Stored Cross-Site Scripting Vulnerability — Cisco Firepower Extensible Operating System (FXOS) | 4.8 | Medium | 2026-02-25 |
| CVE-2026-2367 | Secure Copy Content Protection and Content Locking <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute — Secure Copy Content Protection and Content Locking | 6.4 | Medium | 2026-02-25 |
| CVE-2026-3171 | SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System queue.php cross site scripting — Patients Waiting Area Queue Management System | 3.5 | Low | 2026-02-25 |
| CVE-2026-3170 | SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System patient-search.php cross site scripting — Patients Waiting Area Queue Management System | 2.4 | Low | 2026-02-25 |
| CVE-2026-1614 | Rise Blocks – A Complete Gutenberg Page Builder <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Identity Block Attributes — Rise Blocks – A Complete Gutenberg Page Builder | 6.4 | Medium | 2026-02-25 |
| CVE-2026-27645 | changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response — changedetection.io | 6.1 | Medium | 2026-02-25 |
| CVE-2026-27627 | Karakeep's Reddit plugin content bypasses DOMPurify sanitization, enabling stored XSS — karakeep | 8.2 | High | 2026-02-25 |
| CVE-2026-27639 | Mercator vulnerable to stored XSS via unescaped Blade directives in display templates — mercator | 5.4 (AI) | Medium (AI) | 2026-02-25 |
| CVE-2026-27746 | SPIP jeux < 4.1.1 Reflected XSS via index Parameters — jeux | 6.1 | Medium | 2026-02-25 |
| CVE-2026-27612 | Repostat Vulnerable to Reflected Cross-Site Scripting (XSS) via repo prop in RepoCard — repostat | 6.1 | Medium | 2026-02-25 |
| CVE-2026-27621 | TypiCMS Core has Stored Cross-Site Scripting (XSS) via SVG File Upload — Core | 5.4 (AI) | Medium (AI) | 2026-02-25 |
| CVE-2026-27614 | Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering — bugsink | 9.3 | Critical | 2026-02-25 |
| CVE-2026-27822 | Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover — rustfs | 9.1 | Critical | 2026-02-25 |
| CVE-2025-69231 | OpenEMR has a Stored XSS in GAD-7 Form that Enables Session Hijacking and Privilege Escalation — openemr | 8.7 | High | 2026-02-25 |
| CVE-2025-67491 | OpenEMR has Stored XSS in ub04 helper — openemr | 5.4 | - | 2026-02-25 |
| CVE-2026-26351 | GetSimpleCMS-CE < 3.3.22 Stored XSS via components.php — GetSimpleCMS-CE | 4.8 | - | 2026-02-24 |
| CVE-2026-23858 | Dell Wyse Management Suite WMS cross-site scripting vulnerability — Wyse Management Suite | 5.4 | Medium | 2026-02-24 |
| CVE-2026-27156 | NiceGUI has XSS via Code Injection — nicegui | 6.1 | Medium | 2026-02-24 |
| CVE-2026-27517 | Binardat 10G08-0800GSM Network Switch XSS — 10G08-0800GSM Network Switch | 6.1 | Medium | 2026-02-24 |
| CVE-2026-27568 | AVideo has Stored Cross-Site Scripting via Markdown Comment Injection — AVideo | 9.0 | - | 2026-02-24 |
| CVE-2026-3070 | SourceCodester Modern Image Gallery App upload.php cross site scripting — Modern Image Gallery App | 4.3 | Medium | 2026-02-24 |
| CVE-2026-27126 | Craft CMS has Stored XSS in Table Field via "HTML" Column Type — cms | 4.8 (AI) | Medium (AI) | 2026-02-24 |
| CVE-2026-3054 | Alinto SOGo cross site scripting — SOGo | 4.3 | Medium | 2026-02-24 |
| CVE-2026-3050 | horilla-opensource horilla Leads global.js cross site scripting — horilla | 3.5 | Low | 2026-02-24 |
| CVE-2026-25802 | New API has Potential XSS in its MarkdownRenderer component — new-api | 7.6 | High | 2026-02-24 |
| CVE-2026-3043 | itsourcecode Event Management System navbar.php cross site scripting — Event Management System | 4.3 | Medium | 2026-02-23 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21501 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.