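CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21506

21506 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.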

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2502 | xmlrpc attacks blocker <= 1.0 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' — xmlrpc attacks blocker | 6.1 | Medium | 2026-02-19 |
| CVE-2025-12117 | Renden <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title — Renden | 6.4 | Medium | 2026-02-19 |
| CVE-2025-13048 | Official StatCounter Plugin <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Nickname — StatCounter – Free Real Time Visitor Stats | 6.4 | Medium | 2026-02-19 |
| CVE-2025-12116 | Drift <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title — Drift | 6.4 | Medium | 2026-02-19 |
| CVE-2025-12451 | Easy SVG Support <= 4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — Easy SVG Support | 4.4 | Medium | 2026-02-19 |
| CVE-2025-12448 | Smartsupp – live chat, AI shopping assistant and chatbots <= 3.9.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting — Smartsupp – live chat, AI shopping assistant and chatbots | 6.4 | Medium | 2026-02-19 |
| CVE-2025-11706 | Aruba HiSpeed Cache <= 3.0.2 - Reflected Cross-Site Scripting — Aruba HiSpeed Cache | 6.1 | Medium | 2026-02-19 |
| CVE-2026-26281 | InvoicePlane has Stored Cross-Site Scripting (XSS) Issue in Sumex Invoice View — InvoicePlane | 4.4 | Medium | 2026-02-18 |
| CVE-2026-26270 | InvoicePlane has Stored Cross-Site Scripting Issue in Identifier Formatting — InvoicePlane | 5.4 | Medium | 2026-02-18 |
| CVE-2026-25596 | InvoicePlane has Stored XSS via Product Unit Name in Invoice Item List — InvoicePlane | 4.8 | Medium | 2026-02-18 |
| CVE-2026-25595 | InvoicePlane has Stored XSS via Invoice Number in Invoice View and Dashboard — InvoicePlane | 4.8 | Medium | 2026-02-18 |
| CVE-2026-25594 | InvoicePlane has Stored XSS via Family Name in Product Form — InvoicePlane | 4.8 | Medium | 2026-02-18 |
| CVE-2026-24745 | InvoicePlane has a Stored Cross-Site Scripting (XSS) issue — InvoicePlane | 5.7 | Medium | 2026-02-18 |
| CVE-2019-25356 | Bematech Printer MP-4200 TH Cross-Site Scripting — MP-4200 | 6.1 | Medium | 2026-02-18 |
| CVE-2026-27177 | MajorDoMo Stored Cross-Site Scripting via Property Set Endpoint — MajorDoMo | 7.2 | High | 2026-02-18 |
| CVE-2026-27178 | MajorDoMo Stored Cross-Site Scripting via Method Parameters to Shoutbox — MajorDoMo | 7.2 | High | 2026-02-18 |
| CVE-2026-27176 | MajorDoMo Reflected Cross-Site Scripting in command.php — MajorDoMo | 6.1 | Medium | 2026-02-18 |
| CVE-2026-24744 | InvoicePlane has a Stored Cross-Site Scripting (XSS) issue — InvoicePlane | 5.7 | Medium | 2026-02-18 |
| CVE-2026-24743 | InvoicePlane has a Stored Cross-Site Scripting (XSS) issue — InvoicePlane | 5.7 | Medium | 2026-02-18 |
| CVE-2019-25400 | IPFire 2.21 Core Update 127 Multiple XSS via fwhosts.cgi — IPFire | 5.4 | Medium | 2026-02-18 |
| CVE-2019-25398 | IPFire 2.21 Core Update 127 Cross-Site Scripting via ovpnmain.cgi — IPFire | 6.1 | Medium | 2026-02-18 |
| CVE-2019-25399 | IPFire 2.21 Core Update 127 Stored XSS via extrahd.cgi — IPFire | 6.4 | Medium | 2026-02-18 |
| CVE-2019-25397 | IPFire 2.21 Core Update 127 Cross-Site Scripting via hosts.cgi — IPFire | 6.1 | Medium | 2026-02-18 |
| CVE-2019-25396 | IPFire 2.21 Core Update 127 Reflected XSS via updatexlrator.cgi — IPFire | 6.1 | Medium | 2026-02-18 |
| CVE-2026-24746 | InvoicePlane has a Stored Cross-Site Scripting (XSS) issue — InvoicePlane | 5.7 | Medium | 2026-02-18 |
| CVE-2026-25500 | Rack's Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href — rack | 5.4 | Medium | 2026-02-18 |
| CVE-2026-1404 | Ultimate Member <= 2.11.1 - Reflected Cross-Site Scripting via Filter Parameters — Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | 6.1 | Medium | 2026-02-18 |
| CVE-2025-8308 | Reflected XSS in Key Software's INFOREX — INFOREX- General Information Management System | 6.3 | Medium | 2026-02-18 |
| CVE-2025-14340 | Admin Account Takeover via malicious URL payload — Payara Server | 6.1 (AI) | Medium (AI) | 2026-02-18 |
| CVE-2026-1441 | Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface — Graylog Web Interface | 6.1 | - | 2026-02-18 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) account for 21506 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.