
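CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21506

21506 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.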

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2019-25370 | OPNsense 19.1 Reflected XSS via interfaces_vlan_edit.php — OPNsense | 6.1 | Medium | 2026-02-15 |
| CVE-2019-25369 | OPNsense 19.1 Stored XSS via system_advanced_sysctl.php — OPNsense | 6.4 | Medium | 2026-02-15 |
| CVE-2019-25368 | OPNsense 19.1 Reflected XSS via diag_backup.php — OPNsense | 5.4 | Medium | 2026-02-15 |
| CVE-2019-25367 | ArangoDB Community Edition 3.4.2-1 XSS via aardvark admin interface — ArangoDB Community Edition | 5.4 | Medium | 2026-02-15 |
| CVE-2026-1512 | Essential Addons for Elementor <= 6.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget — Essential Addons for Elementor – Popular Elementor Templates & Widgets | 6.4 | Medium | 2026-02-14 |
| CVE-2026-0550 | myCred <= 2.9.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'mycred_load_coupon' Shortcode — Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | 6.4 | Medium | 2026-02-14 |
| CVE-2026-1843 | Super Page Cache <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting via Activity Log — Super Page Cache | 7.2 | High | 2026-02-14 |
| CVE-2026-1187 | ZoomifyWP Free <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'filename' Shortcode Attribute — ZoomifyWP Free | 6.4 | Medium | 2026-02-14 |
| CVE-2026-0736 | Chatbot for WordPress by Collect.chat ⚡️ <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Field — Chatbot for WordPress by Collect.chat ⚡️ | 6.4 | Medium | 2026-02-14 |
| CVE-2026-1915 | Simple Plyr <= 0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'poster' Shortcode Attribute — Simple Plyr | 6.4 | Medium | 2026-02-14 |
| CVE-2026-1985 | Press3D <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block — Press3D | 6.4 | Medium | 2026-02-14 |
| CVE-2026-0753 | Super Simple Contact Form <= 1.6.2 - Reflected Cross-Site Scripting via 'sscf_name' Parameter — Super Simple Contact Form | 7.2 | High | 2026-02-14 |
| CVE-2026-0735 | User Language Switch <= 1.6.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'tab_color_picker_language_switch' Parameter — User Language Switch | 4.4 | Medium | 2026-02-14 |
| CVE-2025-15483 | Link Hopper <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'hop_name' Parameter — Link Hopper | 4.4 | Medium | 2026-02-14 |
| CVE-2026-1910 | UpMenu <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'upmenu-menu' Shortcode 'lang' Attribute — UpMenu – Online ordering for restaurants | 6.4 | Medium | 2026-02-14 |
| CVE-2026-1096 | Best-wp-google-map <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'latitude' Shortcode Attribute — Best-wp-google-map | 6.4 | Medium | 2026-02-14 |
| CVE-2026-0693 | Allow HTML in Category Descriptions <= 1.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Category Descriptions — Allow HTML in Category Descriptions | 4.4 | Medium | 2026-02-14 |
| CVE-2026-0559 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode — MasterStudy LMS WordPress Plugin – for Online Courses and Education | 6.4 | Medium | 2026-02-14 |
| CVE-2026-1905 | Sphere Manager <= 1.0.2 - Authenticated (Contributor+) Cross-Site Scripting via 'width' Shortcode Attribute — Sphere Manager | 6.4 | Medium | 2026-02-14 |
| CVE-2026-0557 | WP Data Access <= 5.5.63 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpda_app' Shortcode — WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards | 6.4 | Medium | 2026-02-14 |
| CVE-2026-1795 | Address Bar Ads <= 1.0.0 - Reflected Cross-Site Scripting — Address Bar Ads | 6.1 | Medium | 2026-02-14 |
| CVE-2026-1903 | Ravelry Designs Widget <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sb_ravelry_designs' Shortcode 'layout' Attribute — Ravelry Designs Widget | 6.4 | Medium | 2026-02-14 |
| CVE-2026-1939 | Percent to Infograph <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Percent to Infograph | 6.4 | Medium | 2026-02-14 |
| CVE-2026-1792 | Geo Widet <= 1.0 - Reflected Cross-Site Scripting — Geo Widget | 6.1 | Medium | 2026-02-14 |
| CVE-2026-1901 | QuestionPro Surveys <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — QuestionPro Surveys | 6.4 | Medium | 2026-02-14 |
| CVE-2026-0751 | Payment Page \| Payment Form for Stripe <= 1.4.6 - Authenticated (Author+) Stored Cross-Site Scripting via 'pricing_plan_select_text_font_family' Parameter — Payment Page \| Payment Form for Stripe | 6.4 | Medium | 2026-02-14 |
| CVE-2026-1796 | StyleBidet <= 1.0.0 - Reflected Cross-Site Scripting — StyleBidet | 6.1 | Medium | 2026-02-14 |
| CVE-2026-1912 | Citations tools <= 0.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'code' Shortcode Attribute — Citations tools | 6.4 | Medium | 2026-02-14 |
| CVE-2026-1164 | Easy Voice Mail <= 1.2.5 - Unauthenticated Stored Cross-Site Scripting via 'message' — Easy Voice Mail | 6.1 | Medium | 2026-02-14 |
| CVE-2026-1904 | Simple Wp colorfull Accordion <= 1.0 - Authenticated (Contributor+) Cross-Site Scripting via 'title' Shortcode Attribute — Simple Wp colorfull Accordion | 6.4 | Medium | 2026-02-14 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21506 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.