CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21506

21506 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1440 | Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface — Graylog Web Interface | 6.1 | - | 2026-02-18 |
| CVE-2026-1439 | Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface — Graylog Web Interface | 6.1 | - | 2026-02-18 |
| CVE-2026-1438 | Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface — Graylog Web Interface | 6.1 | - | 2026-02-18 |
| CVE-2026-1437 | Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface — Graylog Web Interface | 6.1 | - | 2026-02-18 |
| CVE-2025-11185 | Complianz \| GDPR/CCPA Cookie Consent <= 7.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Complianz – GDPR/CCPA Cookie Consent | 6.4 | Medium | 2026-02-18 |
| CVE-2025-13727 | Video Share VOD <= 2.7.11 - Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values — Video Share VOD – Turnkey Video Site Builder Script | 4.4 | Medium | 2026-02-18 |
| CVE-2026-1649 | Community Events <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ce_venue_name' Parameter — Community Events | 4.4 | Medium | 2026-02-18 |
| CVE-2026-1941 | WP Event Aggregator <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into Event Calendar | 6.4 | Medium | 2026-02-18 |
| CVE-2026-1943 | YayMail <= 4.3.2 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements — YayMail – WooCommerce Email Customizer | 4.4 | Medium | 2026-02-18 |
| CVE-2026-2281 | Private Comment <= 0.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Label Text Setting — Private Comment | 4.4 | Medium | 2026-02-18 |
| CVE-2026-1666 | Download Manager <= 3.3.46 - Reflected Cross-Site Scripting via 'redirect_to' Parameter — Download Manager | 6.1 | Medium | 2026-02-18 |
| CVE-2026-1807 | InteractiveCalculator for WordPress <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute — InteractiveCalculator for WordPress | 6.4 | Medium | 2026-02-18 |
| CVE-2026-1304 | Membership Plugin – Restrict Content <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings — Membership Plugin – Restrict Content | 4.4 | Medium | 2026-02-18 |
| CVE-2025-11737 | VK All in One Expansion Unit <= 9.112.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via SNS Title — VK All in One Expansion Unit | 6.4 | Medium | 2026-02-18 |
| CVE-2025-12037 | WP 404 Auto Redirect <= 1.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting — WP 404 Auto Redirect to Similar Post | 4.4 | Medium | 2026-02-18 |
| CVE-2025-6460 | Display During Conditional Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via message Parameter — Display During Conditional Shortcode | 6.4 | Medium | 2026-02-18 |
| CVE-2026-1931 | Rent Fetch <= 0.32.4 - Unauthenticated Stored Cross-Site Scripting via 'keyword' Parameter — Rent Fetch | 7.2 | High | 2026-02-18 |
| CVE-2025-13959 | Filestack <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Filestack | 6.4 | Medium | 2026-02-18 |
| CVE-2025-62183 | Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low. — Pega Infinity | 4.8 AI | Medium AI | 2026-02-17 |
| CVE-2025-33135 | IBM Financial Transaction Manager for ACH Services and Check Services is impacted by multiple vulnerabilities — Financial Transaction Manager for ACH Services and Check Services for Multi-Platform | 6.1 | Medium | 2026-02-17 |
| CVE-2026-2622 | Blossom Article Title ArticleController.java content cross site scripting — Blossom | 3.5 | Low | 2026-02-17 |
| CVE-2026-26357 | Dell Unisphere for PowerMax cross-site scripting vulnerability — Unisphere for PowerMax 9.2.4.18 | 5.4 | Medium | 2026-02-17 |
| CVE-2025-36019 | Multiple Vulnerabilities in IBM Concert Software. — Concert | 6.1 | Medium | 2026-02-17 |
| CVE-2026-23861 | Dell Unisphere for PowerMax vApp cross-site scripting vulnerability — Unisphere for PowerMax vApp, | 5.4 | Medium | 2026-02-17 |
| CVE-2025-8303 | XSS in EKA Software's Real Estate Script V5 (With Doping Module – Store Module – New Language System) — Real Estate Script V5 (With Doping Module – Store Module – New Language System) | 6.5 | Medium | 2026-02-17 |
| CVE-2026-1216 | RSS Aggregator <= 5.0.10 - Reflected Cross-Site Scripting via 'template' Parameter — RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging | 7.2 | High | 2026-02-17 |
| CVE-2026-2002 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.50.2 - Authenticated (Administrator+) Stored Cross-Site Scripting — Forminator Forms – Contact Form, Payment Form & Custom Form Builder | 4.4 | Medium | 2026-02-17 |
| CVE-2019-25395 | Smoothwall Express 3.1 'preferences.cgi' Cross-Site Scripting — Smoothwall Express | 7.2 | High | 2026-02-16 |
| CVE-2019-25394 | Smoothwall Express 3.1 'modem.cgi' Cross-Site Scripting — Smoothwall Express | 7.2 | High | 2026-02-16 |
| CVE-2019-25393 | Smoothwall Express 3.1 'smoothinfo.cgi' Cross-Site Scripting — Smoothwall Express | 6.1 | Medium | 2026-02-16 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21506 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.