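CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21504

21504 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.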

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-53237 | WordPress WP Wizard Cloak Plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability — WP Wizard Cloak | 6.1 (AI) | Medium (AI) | 2026-02-20 |
| CVE-2025-53228 | WordPress bbpress Simple Advert Units Plugin <= 0.41 - Cross Site Scripting (XSS) Vulnerability — bbpress Simple Advert Units | 6.1 (AI) | Medium (AI) | 2026-02-20 |
| CVE-2025-53231 | WordPress Easy Taxonomy Images plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability — Easy Taxonomy Images | 5.4 (AI) | Medium (AI) | 2026-02-20 |
| CVE-2024-56208 | WordPress NewsMash theme <= 1.0.71 - Cross Site Scripting (XSS) vulnerability — NewsMash | 5.4 (AI) | Medium (AI) | 2026-02-20 |
| CVE-2024-52387 | WordPress Master Addons plugin <= 2.0.9.9.4 - Cross Site Scripting (XSS) vulnerability — Master Addons for Elementor | 5.4 (AI) | Medium (AI) | 2026-02-20 |
| CVE-2024-51915 | WordPress LiteSpeed Cache plugin <= 6.5.2 - Cross Site Scripting (XSS) vulnerability — LiteSpeed Cache | 5.4 (AI) | Medium (AI) | 2026-02-20 |
| CVE-2024-50452 | WordPress Nexter Blocks plugin <= 3.3.3 - Cross Site Scripting (XSS) vulnerability — Nexter Blocks | 5.4 (AI) | Medium (AI) | 2026-02-20 |
| CVE-2024-50555 | WordPress Elementor Website Builder plugin <= 3.29.0 - Cross Site Scripting (XSS) vulnerability — Elementor Website Builder | 5.4 (AI) | Medium (AI) | 2026-02-20 |
| CVE-2026-2486 | Master Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ma_el_bh_table_btn_text' — Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits | 6.4 | Medium | 2026-02-20 |
| CVE-2026-26370 | WordPress plugin Survey Maker Cross-Site Scripting Vulnerability — Survey Maker | 6.1 (AI) | Medium (AI) | 2026-02-20 |
| CVE-2026-2825 | rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting — WeRSS we-mp-rss | 3.5 | Low | 2026-02-20 |
| CVE-2026-26993 | Flare has XSS vulnerability in Raw File Preview — Flare | 4.6 | Medium | 2026-02-20 |
| CVE-2026-26992 | LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name — librenms | 4.8 | - | 2026-02-20 |
| CVE-2026-2384 | Quiz Maker <= 6.7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Quiz Maker | 6.4 | Medium | 2026-02-20 |
| CVE-2026-26991 | LibreNMS vulnerable to Stored Cross-site Scripting through unsanitized /device-groups name — librenms | 4.8 | - | 2026-02-20 |
| CVE-2026-27016 | LibreNMS has Stored XSS in Custom OID - unit parameter missing strip_tags() — librenms | 5.4 | Medium | 2026-02-20 |
| CVE-2026-26989 | LibreNMS has Stored XSS in Alert Rule — librenms | 4.3 | Medium | 2026-02-20 |
| CVE-2026-26987 | LibreNMS affected by reflected XSS via email field — librenms | 6.1 | - | 2026-02-20 |
| CVE-2026-27009 | OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection — openclaw | 5.8 | Medium | 2026-02-19 |
| CVE-2025-9208 | Stored-XSS vulnerability discovered in OpenText WSM Management Server. — Web Site Management Server | 6.1 (AI) | Medium (AI) | 2026-02-19 |
| CVE-2025-13672 | Reflected Cross-Site Scripting discovered in OpenText WSM Management Server. — Web Site Management Server | 6.1 (AI) | Medium (AI) | 2026-02-19 |
| CVE-2026-27440 | WordPress myCred plugin <= 2.9.7.6 - Cross Site Scripting (XSS) vulnerability — myCred | 5.4 (AI) | Medium (AI) | 2026-02-19 |
| CVE-2026-27360 | WordPress Photo Gallery by 10Web plugin <= 1.8.38 - Cross Site Scripting (XSS) vulnerability — Photo Gallery by 10Web | 5.4 (AI) | Medium (AI) | 2026-02-19 |
| CVE-2026-27013 | Fabric.js Affected by Stored XSS via SVG Export — fabric.js | 7.6 | High | 2026-02-19 |
| CVE-2026-26193 | Open WebUI vulnerable to Stored XSS via iFrame embeds in response messages — open-webui | 7.3 | High | 2026-02-19 |
| CVE-2026-26192 | Open WebUI vulnerable to Stored XSS via iFrame in citations model — open-webui | 7.3 | High | 2026-02-19 |
| CVE-2026-26059 | ChurchCRM has Stored Cross-Site Scripting (XSS) in GroupEditor.php — CRM | 5.4 | - | 2026-02-19 |
| CVE-2026-23619 | GFI MailEssentials AI < 22.4 General Settings Local Domains Domain Description Stored XSS — MailEssentials AI | 5.4 | Medium | 2026-02-19 |
| CVE-2026-23618 | GFI MailEssentials AI < 22.4 Anti-Spam Spam Keyword Checking Subject Condition Stored XSS — MailEssentials AI | 5.4 | Medium | 2026-02-19 |
| CVE-2026-23617 | GFI MailEssentials AI < 22.4 Anti-Spam Spam Keyword Checking Body Condition Stored XSS — MailEssentials AI | 5.4 | Medium | 2026-02-19 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21504 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.